Effective Anti-Spamming with Sender Policy Framework


Sender Policy Framework (SPF) is an anti-forgery solution that checks the return path of an email and makes it easier to identify spoofed emails.

Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted.

Under normal circumstances, if your mail server permits sending email from non-local domains, you can send email from an address in any domain. The receiver, on the other hand, may receive it in their mailbox as a legitimate email after it bypasses most anti-spam control mechanisms.

Example: If your domain is www.abc.com and its mail server allows emails from addresses other than anything@abc.com, then you are at risk of having your server exploited by hackers to send fraudulent emails. Anyone could then use your mail server to send emails to any other address on the Internet while pretending to be someone@microsoft.com. To avoid such exploitation, you must disallow emails from non-local domains on your mail servers.

SPF does something very similar to what is explained in the example above. When an email is sent from a mail server, the receiver’s mail server verifies the sending mail server’s address by looking up the entries in DNS for the sender’s domain; if the address does not match, the message is treated as spoofed email. So, if someone sends an email from your mail server pretending to be billy@microsoft.com to someone@yahoo.com, Yahoo’s mail server will check the mail server entries of Microsoft’s domain. Since these will not match the IP address of your mail server, from which the email was actually sent, the email will be treated as spam that originated from your mail server.
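The receiver-side check described above, as an added example that is not part of the original article: a simplified Python evaluator covering only the `ip4`, `ip6`, `include` and `all` mechanisms. The domains, IP addresses and TXT records are constructed stand-ins from the documentation ranges, and the names `TXT`, `check_spf` and `check_mail_from` are hypothetical.

```python
import ipaddress

# Constructed TXT data (documentation domains and address ranges, not real records).
TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"],
    "_spf.example.net": ["v=spf1 ip6:2001:db8::/32 ~all"],
    "example.org": ["unrelated-verification-token"],   # TXT exists, but no SPF policy
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, domain, depth=0):
    """Evaluate the SPF policy of `domain` against the connecting client IP."""
    if depth > 10:                       # simple guard against include loops
        return "permerror"
    records = [r for r in TXT.get(domain.lower(), [])
               if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"                    # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"               # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = body.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # An IPv4 client never matches an IPv6 network, and vice versa.
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            inner = check_spf(client_ip, value, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"    # only an inner pass makes include match
        else:
            raise NotImplementedError(f"term not handled in this sketch: {term}")
        if matched:
            return QUALIFIERS[qualifier]  # first matching mechanism decides
    return "neutral"                      # nothing matched and no 'all' term

def check_mail_from(client_ip, mail_from):
    """SPF is keyed on the envelope sender (MAIL FROM), not the From: header."""
    return check_spf(client_ip, mail_from.rpartition("@")[2])
```

Here `check_mail_from("203.0.113.7", "billy@example.com")` plays the role of the forged message in the article: the connecting server is not listed by the claimed domain, so the result is `fail`.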

More information on Sender Policy Framework and its implementation can be found at [openSPF], [Wikipedia] and at [msexchange.org].

