Sender Policy Framework

Definition: Method for authenticating the return address on an email message.

Sender Policy Framework (SPF) is an email authentication method that seeks to correlate the domain name in the envelope return address with the IP address of an SMTP client currently connected and waiting to send a message. While the client is still connected, and before receiving the message data, the server does a DNS query for an SPF record on the domain name.

If the IP address is listed in the SPF record, the authentication result is PASS, and the message may be processed in accordance with the reputation assigned to the domain. If the authentication result is FAIL, the message may be immediately rejected without any data transfer. Often, however, the result is neither PASS nor FAIL, but unclear. This is a result of the many domains that don't publish SPF records, or that have records giving unclear results.

- "Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1", M. Wong, W. Schlitt, 2006. - project website