Sender Permitted From is an extension to SMTP, also called SMTP+SPF, designed to help relieve spam. It works by letting a domain specify who is eligible to transmit e-mail for itself, using special codes in the TXT DNS records.

The exact specifications may change, but as of writing, the records are laid out like this (in typical DNS-syntax):

wikipedia.org IN TXT "v=spf1 mx ptr default=deny"

"v=" defines the version of SPF used, the following words provides the methods to use to determine if a domain is eligible to send mail, and the "default=" defines how to treat non-matching hostnames.

The following methods are defined:

  • A - If the domain name has an A record corresponding to the sender's address, it will match. (That is, the mail comes directly from the domain name.)
  • MX - If the domain name has an MX record resolving to the sender's address, it will match. (That is, the mail comes from one of the domain's mail servers)
  • PTR - If the sender reverse-resolves to a domain ending in the domain name, match.
  • IP4 - If the sender is in a given IPv4 range, match.
  • IP6 - If the sender is in a given IPv6 range, match.
  • EXISTS - If the given domain resolves, match (no matter the address it resolves to).

SPF only keeps spammers from forging the domain names given in the From-addresses of an email, it does not keep them from sending from their own domains.

External Links