Understanding SPF

Improving Deliverability and Protecting Your Business

At AdvertNama we believe that email is an extremely powerful and valuable tool for marketing, but only when used in the right way. As such, we fully support measures that aim to defend users from unwanted emails and protect the legitimate use of email for marketing purposes.

One way to do this is by participating in the Sender Policy Framework (SPF), which is an open standard method of allowing the senders of emails to verify that they are who they say they are. This is important as most abuse of email (spam) is generated by people using false addresses to hide their identity.

What Is SPF And What Is It For?

SPF is not directly about stopping spam (junk email), but rather is an attempt to control forged email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t.

SPF was created to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly.

SPF is a protocol developed by a group of motivated volunteers, joined by a mutual desire to improve the operation of the internet. It is not a commercial product offered by a for-profit corporation.

What Does SPF Actually Do?

The ability to ‘forge’ emails is perhaps not that surprising. After all, in the real world anybody can write a letter and put your name and address at the top, and so it is with email. But in the real world it’s usually much easier to tell what is a genuine communication and what is not.

Say, for example, a spammer decides to send messages that appear to come from your domain. This may be to take advantage of the good name of your business, or simply to hide their tracks. To a recipient they will look, to all intents and purposes, as if they have come from your business.

However, there is a telltale sign. The spammer, not having access to your servers, will have connected to the internet from somewhere else.

So SPF works a bit like the online equivalent of your corporate headed paper or branded envelopes. By having an SPF record you can provide a list of legitimate sources for emails from your domain. That way, recipients, or more likely their ISPs, can check to see if email is genuine or forged.

Do I Have To Use SPF?

SPF is a tool for the domain owner. If you are the domain owner and you administer your own domain(s) you have the option to implement SPF or not. If you do not, your domain will be vulnerable to hackers or spammers who wish to use your domain as a “cover” for their possibly illicit activities.

If you do not directly administer your domain(s), the choice of whether or not to implement SPF may be limited by your domain’s administrator. However, you may still participate in this decision by having your administrator modify or delete your SPF record, or by switching to an administrator that will. Deleting your SPF record, however, will leave your domain more vulnerable to abuse.

What Does This Have To Do With Me?

Putting an SPF record on your server is important for a number of reasons. Firstly, it helps prevent unscrupulous individuals from sending forged emails that appear to come from your business. This will help to prevent fraud against your customers and protect your reputation.

Secondly, it means that if you undertake email marketing, it is more likely to reach your customers. Without an SPF record, how will recipients or their ISPs know that emails from your domain are genuine? This is even more important if these emails are being sent by a third party.

That’s why whenever we take on a new client, we work with them to ensure that they have an appropriate SPF record in place, and that it reflects the fact that we will legitimately be sending emails from our servers on their behalf.