The Sender Policy Framework is one of those things that’s really powerful and useful to help prevent phishing and email spam, but can be a royal pain to work with. Specifically, SPF is a series of DNS TXT records with a specific format that can be looked up by any email service to verify that an email was sent by a server that should be authorized to send email on your behalf. For example:
"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 a -all"
- `v=spf1` - tells the client this is an SPF record and should always start the record
- `{key}[:{value}]?` - one of many different key/value pairs that can define the record
  - in the case above, an `ip4` key specifies an IPv4 address range that can send emails on your behalf (the value can be optional)
  - the `a` above is another special case where if the sender domain ([email protected] would be `example.com`) resolves via a DNS `A` record to the server that sent the email, it’s allowed
- `-all` is a fallthrough case meaning ‘fail all that didn’t match a previous case’
There are a number of other cases, but we’ll get to the other interesting ones in a bit.