

Sender Policy Framework

FAQ/Best guess record

What is "best-guess"?

Best-guess processing is a crude, non-standard attempt at guessing the IP address range of a domain's outgoing mail servers.  "Non-standard" means it is not part of the SPF specification; whether it is offered, and exactly what it does, is specific to each implementation.

The first SPF implementation that offered best-guess processing was Mail::SPF::Query (M:S:Q).  M:S:Q's best-guess mechanism (if enabled) works like this: if a domain has no SPF record, the following synthetic record is evaluated in its place:

v=spf1 a/24 mx/24 ptr ?all

This is based on the assumption that legitimate outgoing mail servers are in the same class C-sized netblock (/24) as the domain's host (a) and its MXes (mx). The "/24" suffix is SPF's CIDR-length notation: instead of matching only the exact address of the A or MX host, the mechanism matches any client address within the 24-bit netblock that contains it. The "ptr" mechanism matches a client whose validated reverse DNS name (a PTR name whose forward lookup includes the client address) is the domain or a subdomain of it. "?" causes a "Neutral" result as the fallback, which receivers must treat exactly as if no SPF record had been found.

Other implementations may implement best-guess differently or not at all.

Some find this remarkably good at detecting unforged messages from domains that have not yet published SPF records. Others consider it a security hole: every host in the guessed /24 netblocks is implicitly authorized, so an attacker gets many additional potential targets (neighbouring hosts) to compromise in order to send mail that "passes" for the domain, and the domain owner never consented to any of them.
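To make the synthetic record and the objection to it concrete, here is an added example (not code from this wiki or from Mail::SPF::Query): a small evaluator for "v=spf1 a/24 mx/24 ptr ?all" run against a constructed, in-memory DNS view so it works offline. The domain example.test, its hosts and all addresses are assumptions made for the example; the lookup limits and other details of real SPF evaluation are omitted.

```python
"""
Added example: evaluate the best-guess record 'v=spf1 a/24 mx/24 ptr ?all'
for a domain that publishes no SPF record. Not M:S:Q's code; the DNS data
below is constructed for the example and every name/address is an assumption.
"""
import ipaddress

# Constructed DNS view (assumption). Documentation ranges only, not real hosts.
DNS = {
    "A": {
        "example.test":        ["192.0.2.10"],      # the domain's own host
        "mail1.example.test":  ["198.51.100.25"],   # MX 1
        "mx-out.example.test": ["198.51.100.26"],   # MX 2
        "relay.example.test":  ["203.0.113.7"],     # legit relay, valid PTR
        "smtp.attacker.test":  ["203.0.113.8"],     # valid PTR, wrong domain
        # "spoof.example.test" has no A record on purpose: forged PTR case
    },
    "MX": {
        "example.test": ["mail1.example.test", "mx-out.example.test"],
    },
    "PTR": {
        "203.0.113.7": ["relay.example.test"],
        "203.0.113.8": ["smtp.attacker.test"],
        "203.0.113.9": ["spoof.example.test"],
    },
}


def lookup(rrtype, name):
    """Stub resolver over the constructed DNS view."""
    return DNS[rrtype].get(name, [])


def in_cidr(ip, addr, prefix):
    """True if ip lies in the /prefix netblock containing addr."""
    return ip in ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def mech_a(domain, ip, prefix=32):
    """'a' / 'a/prefix': client is within prefix of one of the domain's A records."""
    return any(in_cidr(ip, a, prefix) for a in lookup("A", domain))


def mech_mx(domain, ip, prefix=32):
    """'mx' / 'mx/prefix': same test applied to each MX host's A records."""
    return any(mech_a(mx, ip, prefix) for mx in lookup("MX", domain))


def mech_ptr(domain, ip):
    """'ptr': a validated reverse name of the client is the domain or a subdomain."""
    for name in lookup("PTR", str(ip)):
        # Validation step: the forward lookup of the PTR name must include
        # the client address, otherwise anyone controlling reverse DNS could
        # claim any domain.
        if str(ip) not in lookup("A", name):
            continue
        if name == domain or name.endswith("." + domain):
            return True
    return False


def best_guess(domain, client_ip):
    """Evaluate 'v=spf1 a/24 mx/24 ptr ?all'; returns (result, matching term)."""
    ip = ipaddress.ip_address(client_ip)
    if mech_a(domain, ip, 24):
        return ("pass", "a/24")
    if mech_mx(domain, ip, 24):
        return ("pass", "mx/24")
    if mech_ptr(domain, ip):
        return ("pass", "ptr")
    return ("neutral", "?all")   # '?all': treated like no SPF record at all


def guessed_netblocks(domain):
    """Every /24 that a/24 and mx/24 implicitly authorize. Any host in these
    netblocks, owned by the domain or not, gets a 'pass' for the domain."""
    addrs = list(lookup("A", domain))
    for mx in lookup("MX", domain):
        addrs.extend(lookup("A", mx))
    return sorted({str(ipaddress.ip_network(f"{a}/24", strict=False)) for a in addrs})


if __name__ == "__main__":
    for client in ["192.0.2.200", "198.51.100.99", "203.0.113.7",
                   "203.0.113.8", "203.0.113.9"]:
        print(client, best_guess("example.test", client))
    print("implicitly authorized:", guessed_netblocks("example.test"))
```

Note that 192.0.2.200 and 198.51.100.99 are not example.test hosts at all; they merely share a /24 with the domain's A and MX records, which is exactly the extra attack surface the objection above refers to. The ptr cases show why the forward-confirmation step matters: a PTR record pointing at spoof.example.test is ignored because no A record confirms it.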


Last edited 2006-04-25 23:29 (UTC) by nobody (diff)