What is SPF (Sender Policy Framework)?
There are various ways that cyber-criminals can forge emails. They can modify the “Mail from” and make the emails look like they are coming from a specific domain when they are not. The SPF. Sender policy framework protocol is here to put strict rules. With SPF, the domain administrator can strictly limit who can send emails from the domain. The other part, the receiver, has a mechanism to check the authorization and take the necessary measures.
The outcome of the SPF evaluation can be:
- None – No SPF record was found, or the record was not properly configured.
- Neutral – The DNS admin is not stating that a particular IP address is authorized.
- Pass – The client is authorized to inject emails with the identity provided.
- Fail – Not authorized to use the domain.
- Softfail – Probably not authorized. There is a stronger “Fail” missing.
- Temperror – Currently, there is an error, most probably related to the DNS. Later, if retry again, the problem could be gone.
- Permerror – Permanent error. The DNS admin must fix an error because otherwise, the SPF record could not be understood.
Why do you need a DNS SPF record?