Home  › Email › Email Marketing

SPF: It’s Not Just a Good Idea

  |  August 2, 2004   |  Comments

Microsoft will soon check for SPF records on inbound e-mail. What does that mean for e-mail marketers?

Last week, Microsoft announced it will check for SPF records in all email coming into its Hotmail service, beginning October 1, 2004.

That’s all well and good, you may say, but what’s "SPF"?

Sender Policy Framework is one of several email authentication schemes that have been vying for attention and adoption during the past few months. Others include Yahoo’s Domain Keys and ePrivacy Group’s Trusted Email Open Standard (TEOS).

According to the SPF Web site, SPF:

Fights email address forgery and makes it easier to identify spams, worms, and viruses. Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish legitimate mail from spam before any message data is transmitted.

What does this mean? On the most basic level, SPF allows mail server administrators to assert "the mail server at this IP address sends email from x.com, y.com, and z.com." Thus, when an email arrives at the border of the receiving system, that system looks up, via DNS, to see whether an SPF record is associated with that IP address.

As the SPF site explains it:

SPF makes it easy for a domain, whether it’s an ISP, a business, a school or a vanity domain, to say, "I only send mail from these machines. If any other machine claims that I’m sending mail from there, they’re lying...."

And that’s it! SPF aims to prevent spammers from ruining other people’s reputations. If they want to send spam, they should at least do it under their own name.

SPF isn’t a great way to identify and stop spam in and of itself. But it is a fabulous way to authenticate the identity of email senders.

Authentication is important because it helps prevent transmission of email containing forged sender information, as with phishing and, indeed, most spam. Phishing is the act of sending email with an intentionally forged sender address, usually a well-known company. The phisher tries to get the target to follow a link and reveal sensitive information, such as a password or credit card information.

Microsoft’s announcement means that beginning in October, the company will check inbound email’s source IP address for an SPF record. In other words, Microsoft will check whether the person responsible for that outbound mail server has published an SFP record. E-mail that passes the SPF test will be passed through for delivery. E-mail that doesn’t pass this simple test must go through additional hoops before it can be delivered to the inbox.

Bottom line: If you haven’t already done so, publish an SPF record. It’s fairly easy. The good folks at SPF even offer a setup wizard. Give it a whirl!

Join us for Search Engine Strategies 2004 in San Jose, CA, August 2-5.

Vote for your favorite product or campaign from July 20 through close of business August 2.

ClickZ Live Toronto On the heels of a fantastic event in New York City, ClickZ Live is taking the fun and learning to Toronto, June 23-25. With over 15 years' experience delivering industry-leading events, ClickZ Live offers an action-packed, educationally-focused agenda covering all aspects of digital marketing. Register today!

ClickZ Live San Francisco Want to learn more? Join us at ClickZ Live San Francisco, Aug 10-12!
Educating marketers for over 15 years, ClickZ Live brings together industry thought leaders from the largest brands and agencies to deliver the most advanced, educational digital marketing agenda. Register today and save $500!


Anne Mitchell

Anne P. Mitchell is a professor of law at Lincoln Law School of San Jose, and president and CEO of the Institute for Spam and Internet Public Policy. In addition to her duties at the Institute, and teaching" Spam and the Law" at Lincoln, Anne is a driving force behind such cross-industry e-mail deliverability initiatives as the Email Deliverability Summits, the Email Processing Industry Alliance, and the ISIPP Sender Accreditation Database. Prior to running the Institute, she was an original founder of Habeas, Inc., and before that, the director of legal and public affairs for Mail Abuse Prevention System (MAPS), creator of the RBL(Realtime Blackhole List).

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!



Featured White Papers

Gartner Magic Quadrant for Digital Commerce

Gartner Magic Quadrant for Digital Commerce
This Magic Quadrant examines leading digital commerce platforms that enable organizations to build digital commerce sites. These commerce platforms facilitate purchasing transactions over the Web, and support the creation and continuing development of an online relationship with a consumer.

Paid Search in the Mobile Era

Paid Search in the Mobile Era
Google reports that paid search ads are currently driving 40+ million calls per month. Cost per click is increasing, paid search budgets are growing, and mobile continues to dominate. It's time to revamp old search strategies, reimagine stale best practices, and add new layers data to your analytics.




    • GREAT Campaign Project Coordinator
      GREAT Campaign Project Coordinator (British Consulate-General, New York) - New YorkThe GREAT Britain Campaign is seeking an energetic and creative...
    • Paid Search Senior Account Manager
      Paid Search Senior Account Manager (Hanapin Marketing) - BloomingtonHanapin Marketing is hiring a strategic Paid Search Senior Account Manager...
    • Paid Search Account Manager
      Paid Search Account Manager (Hanapin Marketing) - BloomingtonHanapin Marketing is hiring an experienced Paid Search Account Manager to...