Sender Policy Framework (SPF)

By | 29 October, 2013

Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by verifying sender IP addresses. Sender Policy Framework allows administrators to specify which hosts are allowed to send mail from a given domain. Sender Policy Framework published by Internet Engineering Task Force (IETF) in RFC 4408.

How Sender Policy Framework works

In high level, consider want to send email to’s domain are protected by Sender Policy Framework by define only authorize’s IP.

1) mail server with IP Address of sends a message FROM TO
2) mail server receive the email and using DNS lookup TXT for, looking for the SPF record
3) will compares the IP Address agains the SPF record
3.1) If match and allow, email will accepted (in this case it’s matched!!)
3.2) If no, email will rejected

What happen if someone from’s IP Address spoof the email and send as Recipient server will compare the SPF record for and findout it’s not authorize IP, then it’s will reject the email.

Below is the diagram how the SPF works :

sender policy framework

How to implement SPF

Owner domain creating a specific SPF record (or TXT record) in the Domain Name System (DNS).

What Sender Policy Framework record means


How to verify or validate Sender Policy Framework

You can verify & validate the domain SPF record using below tools :

1)’s website
2) Kitterman’s website
3) Openspf’s website

Further Reading

There are other mechanisms as well, but hopefully this post is enough to teach you the basics about SPF. The SPF project is a great resource and the section on record syntax goes into much more detail about the different parts of the SPF record.


1) SPF Project 
2) Explaining SPF

Leave a Reply

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.