Monthly Archive for February, 2006

Using Sender Policy Framework to stop email spoofing

Some time ago I wrote an article explaining how email spoofing worked. See here. I concluded that there was no good way to prevent your email address from being spoofed. Several people commented on that article and told me to look into Sender Policy Framework (SPF). I have done some research on SPF, and decided to write an article describing how to use SPF and some of the related issues.

Sender Policy Framework validates that the IP address an email is coming from is permitted to send mail for the domain found in the Return-Path. The concept was first introduced in 2003. It is not yet an RFC, but the IETF has accepted it as an experimental protocol. Microsoft is also involved in developing this concept, and they are calling it SenderID.

The concept of SPF is very simple. It is nothing more than a DNS entry that specifies which IP addresses are allowed to send mail from a domain.
