Sender Policy Framework (SPF) is an email validation system that
detects spoofing and phishing by verifying servers that are authorized to send email
messages for
a domain. Using SPF, Deep Discovery Email
Inspector can verify the "envelop from"
addresses in email messages against a list of authorized sending IP addresses and
determine if an
email message has been forged.
SPF requires the owner of a domain to publish the email sending policy (for
example, which email servers are used to send email messages from that domain) in
an SPF record
in the Domain Name System (DNS). When Deep Discovery Email
Inspector receives an
email message claiming to come from that domain, Deep Discovery Email
Inspector
checks the SPF records to verify whether the email message complies with the domain's
stated
policy. For example, if the message comes from an unknown server, the email message
can be
considered as fake.
Evaluation of an SPF record can return any of the following results.
|
Result
|
Description
|
|
Pass
|
The SPF record designates the host to be allowed to send.
|
|
Fail
|
The SPF record has designated the host as not being allowed to send.
|
|
SoftFail
|
The SPF record has designated the host as not being allowed to send but is
in transition.
|
|
Neutral
|
The SPF record specifies explicitly that nothing can be said about
validity.
|
|
None
|
The domain does not have an SPF record or the SPF record does not evaluate
to a result.
|
|
PermError
|
A permanent error has occurred (for example, badly formatted SPF
record).
|
|
TempError
|
A transient error has occurred.
|