What is Sender Policy Framework (SPF)?

SPF improves Deliverability of Email campaigns

Responsible email marketing is something we believe in. Which means we ensure that all campaigns we handle on behalf of our clients are legitimate campaigns to genuine opt0in users (we do not undertake spam mailing at any cost). We also ensure that we identify ourselves as legitimate email senders. One way to do this is by participating in the Sender Policy Framework (SPF). SPF is an open standard method of allowing the senders of emails to verify that they are who they say they are. This is important since most email abuse (spam) is generated by people who use fake email addresses to mask their identity.

What Is SPF And what is it used for?

SPF is not a means of removing spam or junk emails, but rather it is an attempt to control forged email. It is a means to allow domain owners a way to sign off which mail sources (the IP's from which legitimate mails may originate for their domain) are legitimate for their domain and which ones aren't.

SPF was created to help block the loopholes in email delivery systems that allow spammers to “spoof” your email address to send bulk emails illicitly as if you are sending these mails.

How does SPF work?

The ability to 'forge' emails is perhaps not that surprising. After all in the real world anybody can write a letter and put your name and address at the top, and so it is with email. But in the real world it's usually much easier to tell what is a genuine communication and what is not.

Say for example a spammer decides to send messages that appear to come from your domain. This may be to take advantage of the good name of your business, or simply to hide their tracks. To a recipient they will look for all intents and purposes as if they have come from your business.

However there is a tell tale sign. The spammer, not having access to your servers will have connected to the internet from somewhere else.

So the SPF works a bit like the online equivalent of your corporate headed paper or branded envelopes. By having an SPF record you can provide a list of legitimate sources for emails from you domain. That way, recipients, or more likely their ISPs, can check to see if email is genuine or forged.

Is it necessary to use SPF?

SPF is a tool for the domain owner. If you are the domain owner and you administer your own domain(s) you have the option to implement SPF or not. If you do not, your domain will be vulnerable to hackers or spammers who wish to use your domain as a "cover" for their possibly illicit activities.

If you do not directly administer your domain(s) the choice of whether or not to implement SPF may be limited by your domain's administrator, however, you may, still participate in this decision by having your administrator modify or delete your SPF record or switching to an administrator that will. Deleting your SPF record, however, will leave your domain more vulnerable to abuse.

Why is SPF important for email marketing?

Putting an SPF record on your server is important for a number of reasons. Firstly it helps prevent unscrupulous individuals from sending forged emails that appear to come from your business. This will help to prevent fraud against your customers and protect your reputation.

Secondly it means that if you undertake email marketing then it is more likely to reach your customers. Without an SPF record how will recipients or their ISPs know that emails from your domain are genuine? This is even more important if these emails are being sent by a third party.

That's why whenever we take on a new client, we work with them to ensure that they have an appropriate SPF record in place, and that it reflects the fact that we will legitimately be sending emails from our servers on their behalf.