Home | Sitemap | Recent Changes | Login

SPF Logo

Sender Policy Framework

FAQ/What it does

What does SPF actually DO?

Suppose a spammer forges a hotmail.com address and tries to spam you.

They connect from somewhere other than Hotmail.

When his message is sent, you see MAIL FROM: <forged_address@hotmail.com>, but you don't have to take his word for it. You can ask Hotmail if the IP address comes from their network.

(In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail.

If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

Edit text of this page | View other revisions
Last edited 2006-03-11 16:41 (UTC) by Scott Kitterman (diff)