Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Sender Policy Framework
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Deployment== Anti-spam software such as [[SpamAssassin]] version 3.0.0 and [[Anti-Spam SMTP Proxy|ASSP]] implement SPF. Many [[mail transfer agent]]s (MTAs) support SPF directly such as [[Courier Mail Server|Courier]], CommuniGate Pro, [[Wildcat! BBS|Wildcat]], MDaemon, and [[Microsoft Exchange Server|Microsoft Exchange]], or have patches or plug-ins available that support SPF, including [[Postfix (software)|Postfix]], [[Sendmail]], [[Exim]], [[qmail]], and [[Qpsmtpd]].<ref>{{cite web|url=https://github.com/qpsmtpd-dev/qpsmtpd-dev/blob/master/plugins/sender_permitted_from|archive-url=https://archive.today/20130629083752/https://github.com/qpsmtpd-dev/qpsmtpd-dev/blob/master/plugins/sender_permitted_from|url-status=dead|archive-date=2013-06-29|title=Qpsmtpd SPF plugin|website=[[GitHub]] |year=2013}}</ref> As of 2017, more than eight million domains publish SPF FAIL <code>-all</code> policies.<ref>{{cite web|url=https://spf-all.com/stats.html|title=SPF -all Domain Survey|year=2017|access-date=2017-11-07}}</ref> In a survey published in 2007, 5% of the <code>.com</code> and <code>.net</code> domains had some kind of SPF policy. In 2009, a continuous survey run at Nokia Research reports that 51% of the tested domains specify an SPF policy.<ref>{{cite web|url=https://fit.nokia.com/lars/meter/spf.html|title=Nokia Research Report on SPF Adoption|archive-url=https://web.archive.org/web/20110920015908/https://fit.nokia.com/lars/meter/spf.html|website=Fit.Nokia.com|publisher=[[Nokia]]|date=2011-09-19|archive-date=2011-09-20|access-date=2016-04-05}}</ref> These results can include trivial policies like <code>v=spf1 ?all</code>.<ref>{{cite web |url=http://www.onlamp.com/pub/a/onlamp/2007/01/11/dns-extensions.html |title=Handicapping New DNS Extensions and Applications |first=Cricket |last=Liu |publisher=ONLamp |date=January 2007 |access-date=2007-10-04}}</ref><ref>{{Cite web|date=2020-12-04|title=SPF Authentication: SPF-all vs ~all|url=https://easydmarc.com/blog/spf-authentication-spf-all-vs-all/|access-date=2021-04-08|website=EasyDMARC|language=en-US}}</ref>{{update inline|date=March 2018}} In April 2007, BITS, a division of the Financial Services Roundtable, published email security recommendations for its members including SPF deployment.<ref>{{cite web |url=http://bitsinfo.org/downloads/Publications%20Page/BITSSecureEmailFINALAPRIL1507.pdf |title=BITS Email Security Toolkit |publisher=BITS |date=April 2007 |access-date=2008-06-13 }}</ref> In 2008, the Messaging Anti-Abuse Working Group (MAAWG) published a paper about [[email authentication]] covering SPF, [[Sender ID]], and [[DomainKeys Identified Mail]] (DKIM).<ref>{{cite web |url=http://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Authentication_Paper_2008-07.pdf |archive-url=https://web.archive.org/web/20130129170525/http://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Authentication_Paper_2008-07.pdf |url-status=dead |archive-date=2013-01-29 |title=Trust in Email Begins with Authentication |access-date=2011-07-28 |publisher=MAAWG |first=Dave |last=Crocker |date=March 2008 }}</ref> In their "Sender Best Communication Practices" the MAAWG stated: "At the very least, senders should incorporate SPF records for their mailing domains".<ref>{{cite web |url=https://www.maawg.org/sites/maawg/files/news/MAAWG_Senders_BCP_Ver2a-updated.pdf |title=MAAWG Sender Best Communications Practices Executive Summary|access-date=2012-04-27 |publisher=MAAWG |date=2011-10-07 }}</ref> In 2015, the Messaging Anti-Abuse Working Group (MAAWG) revised a paper about [[email authentication]] covering SPF, [[DomainKeys Identified Mail]] (DKIM), and [[DMARC]] (DMARC). In their revised "Sender Best Communication Practices" the MAAWG stated: "Authentication supports transparency by further identifying the sender(s) of a message, while also contributing to the reduction or elimination of spoofed and forged addresses".<ref>{{cite web |url=https://www.m3aawg.org/sites/default/files/document/M3AAWG_Senders_BCP_Ver3-2015-02.pdf |title=M3AAWG Sender Best Common Practices|access-date=2016-09-01 |publisher=MAAWG |date=2015-02-01 }}</ref> From February 1, 2024, [[Google]] requires SPF or DKIM for all domains sending emails to Gmail accounts. Bulk senders (5000+ emails per day) are required to have SPF, DKIM, and DMARC setup for their domains.<ref>{{cite web | url=https://support.google.com/a/answer/81126 | title=Email sender guidelines - Google Workspace Admin Help }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)