IP spoofing forges, or "spoofs," the source address in the header of an IP packet to make it appear to have originated...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
from another machine -- the source address being the address from which a packet was sent. In order for spammers to use this technique, they would have to spoof the entire TCP sequence, which is highly unlikely and hasn't been seen in the wild.
If somebody could come up with such an attack, then yes, he or she would be able to pass through an SPF check, as long as the spoofed IP address matched that of a machine genuinely allowed to send mail for that domain and email address. Email spoofing, on the other hand, is extremely common, and SPF plays a role in preventing this source of spam. Email spoofing occurs when spammers alter the email header so the message appears to have originated from someone or somewhere else.
SPF provides a method whereby a mail server or mail transfer agent (MTA), when it receives an email, can confirm the sending server is authorized to send mail on behalf of that address. Domains publish Mail Exchange (MX) records in the Domain Name System (DNS), specifying which machines receive mail for the domain. SPF is basically a reverse MX record, specifying which machines are authorized to send mail from the domain. Published SPF records include attributes that uniquely describe an organization's email, including authorized senders and mail server IP addresses. Additional information on SPF can be found at Open SPF, which includes a comprehensive FAQ that reviews how to block large amounts of spam even before SPF checks occur.
To help reduce unwanted email, you should follow best practices, performing all spam-filtering tests and rejecting unwanted incoming emails while the sending server is still connected. If your server accepts an email and then decides it's spam, any reply to the sender's address indicating the message failed is likely to be to a valid but forged address. This is known as email backscatter and is a problem in itself.
SPF checks require DNS queries, which are somewhat computationally expensive. If you can't reject email at the SMTP connection, you should reduce the amount of backscatter by sending emails using schemes such as Bounce Address Tag Validation, a mechanism for assessing the validity of an email's envelope return or bounce address.
If email authentication becomes universal, then spammers will have a much tougher time getting their emails delivered. If you're interested in learning more about the various emerging methods of authenticating email, check out the Messaging Anti-Abuse Working Group white paper, Trust in Email Begins with Authentication, which was published last year.
Dig Deeper on Email Security Guidelines, Encryption and Appliances
Related Q&A from Michael Cobb
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.