SMTP SPF: Sender Policy Framework
This might be a duplicate post, but this is really, really important.
SPF uses an existing infrastructure (DNS) to determine if an inbound message is authentic or not.
The basic idea is that companies add DNS TXT records stating the domains and IP addresses that are authorized to send mail on their behalf. A remote SMTP server queries DNS and compares the TXT data with the inbound header information (From, connection IP address). If the TXT data matches the header and IP info, the message is accepted; if not, the connection is dropped with an SMTP error.
The only problem I see is that the vast majority of companies barely know how to spell DNS. The ISPs and registrars are pretty good, but the 'unwashed masses' will need to get a clue pretty quickly. There is also the issue of SMTP server software getting updated to support SPF.
I will be testing this with Exchange and Sendmail in the near future.