Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an open standard to prevent sender address forgery. The SPF protects the envelope sender address, which is used for the delivery of messages. Trend Micro Email Security enables you to configure SPF to ensure sender's authenticity.

The SPF requires the owner of a domain to specify and publish their email sending policy in an SPF record in the domain's DNS zone. For example, which email servers they use to send email from their domain.

When an email server receives a message claiming to come from that domain, the receiving server verifies whether the message complies with the domain's stated policy or not. If, for example, the message comes from an unknown server, it can be considered as fake.

Evaluation of an SPF record can return any of the following results:

Result

Explanation

Intended Action

Pass

The SPF record designates the host to be allowed to send.

Accept

Fail

The SPF record has designated the host as NOT being allowed to send.

Delete

SoftFail

The SPF record has designated the host as NOT being allowed to send but is in transition.

Accept

Neutral

The SPF record specifies explicitly that nothing can be said about validity.

Accept

None

The domain does not have an SPF record or the SPF record does not evaluate to a result.

Accept

PermError

A permanent error has occurred (for example, badly formatted SPF record).

Accept

TempError

A transient error has occurred.

Accept

Note:

If an email message passes the Sender IP Match check, Trend Micro Email Security skips its own SPF check as well as the SPF check of DMARC authentication for this message.