Sender Policy Framework (SPF) Explained

Overview

This articles explains what is a Sender Policy Framework (SPF) and its importance.

Sender Policy Framework (SPF) is an open standard aimed at preventing sender address forgery.

For instance, if you are using Elina to send your marketing emails, you would want to include Elina as approved senders. This way, receiving mail servers can cross-check that the email originated from a server that has permission to send on your behalf. If the message originates from a server that’s not on your list, then the receiving server can consider it a fake and treat it accordingly.

An important aspect to understand about SPF is that it does not validate against the From domain. Instead, SPF looks at the Return-Path value to validate the originating server. What’s a Return-Path? Good question. It’s the email address that receiving servers use to notify the sending mail server of delivery problems, like bounces. So an email can pass SPF regardless of whether the from address is fake. The problem with this limitation is that the From address is what recipients see in their email clients. Furthermore, even if a message fails SPF, there's no guarantee it won't be delivered. That final decision about delivery is up to the receiving ISP.

Why are SPF records important?

SPF records prevent spammers from sending messages with bogus From: addresses attached to your domain.

Have you ever received one of those nonsense emails that looks like it's from PayPal, but is actually from a spammer posing as PayPal? This is called a "spoof" email, because it's quite easy to fake the domain associated with an email (like PayPal in this case). SPF was created to combat these sorts of fake sender issues.

elina sends emails on your behalf when you reply to a customer. For the sake of illustration, let's say your mailbox address is info@domain.com. When you reply to a customer and the email goes out, the customer's server will ask the following questions:

Who sent this email?
Does the sender have permission to send on behalf of this domain?

In our example, the "who" is support@domain.com and the "sender" is elina. Without an SPF record specifying elina as an approved sender, it's likely your email will be marked as spam. If there is an SPF record that includes elina as an approved sender, then it's virtually guaranteed to skip the spam filter. That's why this is so important!

WHAT DO I NEED TO DO TO MAKE SURE ELINA EMAILS DO NOT GO TO SPAM?