14: Competent Spammers

Here’s a few words on the Sender Policy Framework, aka SPF, aka omg why please no no no.

SPF is often touted as an anti-spam measure. It isn’t. It’s one component of a spam assessment policy. Competent spammers are among the most reliable publishers of SPF records, gleefully declaring that any host may send mail for their domains. Emails from domains without SPF records are likely to be classified as spam, however.

When a MTA with basic spam protections receives an email, it performs an SPF check against the sender in the envelope. This is the email address used in the SMTP exchange’s MAIL FROM statement, not the sender address that the recipient’s client shows. This check passes or fails.

SPF checks are also performed against the visible From address. If the domains match, the message is said to be in SPF alignment. Alignment is important for DMARC, so it’s best to configure alignment from the beginning.

This week’s work has a lot of formatting, what with sample DNS records and defining variables and such. If you’re interested in running email, or in making running your own email more accessible, you could sponsor this book.