The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender address, which is used for the delivery of messages.
Common Types of E-Mail Abuse where the Sender Address is Forged
- Spammers want to avoid receiving non-delivery notifications (bounces) to their real addresses.
- Fraudsters want to cover their tracks and remain anonymous.
- Computer worms want to cause confusion or just don’t care about which sender addresses they use.
- Phishers (password fishers) want to impersonate well-known, trusted identities in order to steal passwords from users.
Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages.
You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address.
Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank never sends you information about your account by e-mail and keeps making a point of that fact.
Sender Addresses in E-Mails
Like paper mail letters, e-mail messages have at least two kinds of sender addresses: one on the envelope and one in the letterhead.
The envelope sender address (sometimes also called the return-path) is used during the transport of the message from mail server to mail server, e.g. to return the message to the sender in the case of a delivery failure. It is usually not displayed to the user by mail programs.
The header sender address of an e-mail message is contained in the "From" or "Sender" header and is what is displayed to the user by mail programs. Generally, mail servers do not care about the header sender address when delivering a message.
For more information, please visit the home of SPF here:
If you are a client of The Holodyn Corporation and would like to improve your email security with the use of SPF records, please submit a support ticket request.
If you are a hosting provider using CPANEL and would like to learn more about installing SPF records for your clients, one great resource can be found here: