Sender Policy Framework
Home > Security Definitions - Sender Policy Framework
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

Sender Policy Framework

Show me everything on Email and Messaging Threats (spam, phishing, instant messaging)

DEFINITION - Sender Policy Framework (SPF) is an anti-spam approach in which the Internet domain of an e-mail sender can be authenticated for that sender, thereby discouraging spam mailers, who routinely disguise the origin of their e-mail, a practice known as e-mail spoofing. SPF and other anti-spoofing initiatives, such as Domain Keys, work by making it easier for a mail server to determine when a message came from a domain other than the one claimed.

Here's how it works:

The SPF specification defines a policy framework, an authentication scheme, and a machine-readable language. Each participating domain declares attributes that uniquely describe their mail, including authorized senders. This description is represented in an SPF record, which is published in DNS (domain name system) records. An SPF client program performs a query searching for the correct SPF record, in order to determine whether a message comes from an authorized source. There are seven possible query results, including pass, which means that the message meets the domain's definition for legitimate messages; fail, which means that a message does not meet that requirement; and further stipulations for mail that doesn't fit either category, such as messages from domains that do not publish SPF data.

SPF and other authentication-based measures are designed to redress a vulnerability in Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, which does not include an authentication mechanism.

Learn more about Email and Messaging Threats (spam, phishing, instant messaging)
Chained Exploits: How to prevent phishing attacks from corporate spies: Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt, learn how to keep corporate spies at bay.
Voice over IP Security: VoIP Threat Taxonomy: In an excerpt from Voice over IP Security, author Patrick Park reviews VoIP threats, including spam, phishing and other threats against social context.
Email security test: Basics and threats: Test your knowledge of email security essentials with this fifteen-question quiz from Joel Snyder.
Hacker's Challenge 3: Big Bait, Big Phish: In this excerpt from "Hacker's Challenge 3," author Bill Pennington describes a situation in which an organization's network is attacked and customer data is compromised.
A Business Guide to Information Security: Threats and Compliance: This excerpt from "A Business Guide to Information Security," identifies six future risks to information security and how they will affect individuals and organizations.

LAST UPDATED: 29 May 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- The IETF provides an Internet Draft document of the SPF specification.
- Pobox.com provides more information.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
The world's top 5 riskiest domains
McAfee's 3rd Annual "Mapping the Mal Web" report highlights the domains with the most road hazards.
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents.
Top spammer gets four years in jail for stock fraud scheme
Alan Ralsky, the self-proclaimed "Godfather of Spam," was jailed for his role in a stock fraud spam scheme.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
CAPTCHA  (SearchSecurity.com)
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a test, used with challenge-response systems, that's...
challenge-response system  (SearchSecurity.com)




Get More Sender Policy Framework Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts