1. Home
  2. Knowledge Base
  3. Sender Policy Framework

Sender Policy Framework

SPF: A Guard against Email Spoofing

Sender Policy Framework is a protocol standing a guard over your email safety in the world of digital communication. The development of digital technologies has granted us an invaluable means of communication. Emails have significantly reduced the distance between individuals and businesses which, in their turn, have facilitated their growth and scalability by spreading information more widely and quickly. However, the worldwide nature of email has also made it a primary target for cybercriminals and spammers. To address these risks and ensure the reliability and authenticity of email communication, there have been developed numerous technologies and protocols. Among these protocols is the SPF.

Protecting Email Deliverability

The SPF (Sender Policy Framework) is a simple but an effective way to assess the legitimacy of mail. This email authentication protocol is designed to prevent forgery by validating the identity of the sending server. It utilizes DNS (Domain Name System) records to specify which servers are authorized to send emails from a specific domain. When an email is received, the recipient's server verifies the SPF record to confirm the authenticity of the sending server. SPF acts as a gatekeeper, allowing legitimate senders to pass through while blocking fraudulent or unauthorized sources.

By using SPF, organizations can significantly reduce the risk of email spoofing, phishing attacks, and other email-related threats. It doesn't only protect the sender's reputation but also enhances deliverability rates by minimizing the chances of emails being flagged as spam or rejected by receiving servers.

SPF Record Set Up

Every organization involved in email exchange must be trustworthy for the receiving mail server to have its messages delivered to target recipients. To prove its reliability, the organization should register its domain name in DNS (Domain Name System). It is achieved by providing an SPF record with a list of approved IP addresses that are authorized to send emails. The record may have the following view:

v=spf1 ip4= ip4= include:some_sender.com -all
  • v=spf1 - means that the record is of the version 1.
  • ip4= ip4= - list of authorized IP addresses that are allowed to send mail.
  • include:some_sender.com - represents third-party organizations authorized to send emails on behalf of the domain.
  • -all - means that all servers, not listed in the record, are not allowed to send e-mail, that is, will be rejected.

How it works

SPF Check

SPF protocol specifies the rules of the incoming email verification, thus, enabling its successful and safe delivery to the targeted recipient or rejection.

Successful delivery happens as a result of several simple processes on the side of the receiving server:


Initiate examination

When a message is sent, the receiving mail server finds the sender's domain name and initiates its thorough examination.


DNS lookup

The server performs a DNS lookup to find the SPF record of the sender's domain.


Search for IP addresses

The receiving mail server searches for IP addresses on the record list matching the IP address of the incoming email.


Authenticate the IP address

If the IP address of the sender's domain matches the IP address on the list, it gets authenticated.


Message receive

Once the domain passes the authentication, the message reaches its recipient's inbox.



If the SPF check fails, the message may be considered suspicious indicating a risk of spoofing and marked as spam or rejected.

Email authentication with SPF
sender's server
mail server
mail server
SPF record check
SPF record check
authentication failed the message is rejected
authentication fai...
IP address domain name
IP address dom...
DNS server
DNS server
authentication passed the message is delivered
authentication passe...

Enhancing Email Protection with DMARC and DKIM

When it comes to email security, setting up an SPF record is not enough. To enhance your mail safety, you should use DMARC (Domain-based Message Authentication, Reporting and Conformance) and DKIM (DomainKeys Identified Mail). To tighten the verification process, you can create a DKIM record in DNS with a public key to your domain. When a message is sent, a digital signature is affixed to it to be decrypted by the public key at a certain stage of the verification process. If the data in a digital signature matches the public key, the domain is verified and a message gets the green light.

Once a message has passed authentication by DKIM and SPF, it will be successfully delivered. Otherwise, in case of a mismatch, an email provider follows the instructions fixed in the DMARC record. Depending on the instructions, a message can be delivered, marked as spam or rejected.

When DMARC and DKIM are combined, they offer a comprehensive approach to bolstering email protection. DMARC enables organizations to establish policies and instruct receiving servers on how to handle emails that fail authentication checks, while DKIM adds an additional layer of verification through digital signatures. The harmonious integration of these technologies substantially mitigates the risks associated with email spoofing, phishing, and other malicious activities, reinforcing the overall security and trustworthiness of email communication.

Frequently asked questions

Find answers to your questions about the SPF

Does SPF block all fraudulent emails?

Being an effective method in preventing email forgery, it does not provide comprehensive protection against all types of attacks. Other mail security measures, such as DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), should be implemented in conjunction with SPF to ensure a robust defense against threats.

What is a digital signature?

A digital signature is like a virtual stamp. It ensures the recipient in the legitimacy of the message source.

Can SPF block legitimate emails?

Rarely, but yes, it can. If there is no match for the sender's IP address with IPs on the SPF record list, the sending server fails authentication and the message is blocked. To prevent this, the sender must provide all the relevant IP addresses in the record.

See also:

For your clear understanding of email transmission processes and better mail management, learn how to retrieve and process the information hidden in an email header. Our Email Header Analyzer can help you with that.