
Avoid phishing with e-mail authentication: The Sender Policy Framework

Learn how the Sender Policy Framework helps organizations avoid phishing.

What you will learn from this chapter excerpt: How the Sender Policy Framework helps organizations avoid phishing.

The Sender Policy Framework (SPF), formerly Sender Permitted From, is an extension to the older mail sending protocol, Simple Mail Transfer Protocol (SMTP), which provided almost no sender verification of e-mail. SPF makes it easy to counter most forged "From" addresses in e-mail, thus helping to counter e-mail source address spoofing.

When a user sends you mail, that user's e-mail server connects to your e-mail server. When the message comes in, your e-mail server can compare the address of the server on the other end of the connection with the addresses of the sending domain's e-mail servers that the domain has published through SPF, and so tell whether that server actually belongs to the sender.

AOL is a big supporter and deployer of SPF. It recently pulled out of development of Sender ID, another mail verification protocol. SPF is deployed around the world; the e-mail servers of more than 86,000 domains use the authentication technology, as of this writing.

SPF is not an IETF standard yet, but it has a good chance of becoming a standard, and will be submitted soon. SPF is not expected to totally eliminate spam, but it's another weapon in the fight against spam and phishing.

Some spammers love SPF

Although legitimate e-mailers are starting to quickly adopt SPF, apparently spammers are adopting it faster. A recent study by CipherTrust showed that 34% more spam is bypassing SPF checks than legitimate e-mail. This means that a spam message is three times more likely to pass an SPF check than to fail it, as long as the address is registered. As long as spammers comply with the protocol, register their SPF records and don't spoof the sender address, their messages will not be stopped. What this really means is that one e-mail authentication solution alone will not stop the tide of spam; it's just one part of a fraud and spam prevention program.
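The check described above, a receiving server comparing the connecting IP address against the addresses the sending domain publishes in its SPF record, together with the point that a spammer who publishes a correct record for his own domain passes that check, as an added example that is not from the book or the article. The example evaluates the domain of the SMTP envelope sender (MAIL FROM). It uses a constructed in-memory table in place of real DNS lookups; every domain, record and IP address in it is an assumed value, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed table standing in for DNS TXT lookups (assumption: this example
# does no network I/O; a real checker queries DNS for each domain).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
                   "include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ~all",
    # A spammer who registers a correct record for a domain he controls
    # passes SPF when he really sends from that address.
    "spammer.example": "v=spf1 ip4:203.0.113.5 -all",
    "nospf.example": "",  # domain that publishes no SPF record
}

# Qualifier prefix of a mechanism -> result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `client_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Mechanisms are tried left to right; the first match decides. If nothing
    matches and there is no "all" term, the result is neutral.
    """
    if depth > 10:
        return "permerror"  # runaway include chain
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a prefix means "pass on match"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        on_match = QUALIFIERS[qualifier]
        name, _, arg = term.partition(":")
        if name == "all":
            return on_match
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return on_match
        elif name == "include":
            # include matches only if the referenced domain's record passes.
            if check_spf(arg, client_ip, depth + 1) == "pass":
                return on_match
        else:
            return "permerror"  # mechanism this example does not implement
    return "neutral"


def check_mail_from(mail_from, client_ip):
    """Take the SMTP envelope sender and return (domain, SPF result)."""
    domain = mail_from.strip("<>").rsplit("@", 1)[-1].lower()
    return domain, check_spf(domain, client_ip)


if __name__ == "__main__":
    # Constructed connections: (MAIL FROM address, connecting IP address).
    sessions = [
        ("<alice@example.com>", "192.0.2.77"),       # listed ip4 range
        ("<alice@example.com>", "198.51.100.10"),    # via include
        ("<alice@example.com>", "2001:db8::1"),      # listed ip6 range
        ("<alice@example.com>", "203.0.113.5"),      # forged sender
        ("<deals@spammer.example>", "203.0.113.5"),  # spammer's own domain
        ("<bob@nospf.example>", "192.0.2.1"),        # no record at all
    ]
    for sender, ip in sessions:
        domain, result = check_mail_from(sender, ip)
        print(f"{sender:28} from {ip:15} -> {domain}: {result}")
```

The last two sessions are the point of the paragraph above: SPF answers only "is this server allowed to send for that domain?", so a spammer's own domain with an honest record gets a pass, and a domain with no record gets "none" rather than a rejection. A receiver therefore combines the SPF result with reputation and content checks instead of treating a pass as proof the mail is wanted.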


By Rachael Lininger and Russel Dean Vines
334 pages; $29.99
John Wiley & Sons
Read Chapter 6, Helping your organization avoid phishing
This was last published in May 2005
