Sender Policy Framework (SPF)

What is Sender Policy Framework (SPF)?

SPF (Sender Policy Framework) is an email authentication standard that helps stop others from forging, or "spoofing", your email address.

SPF has been around for a number of years and has become increasingly important as more email providers enforce it. Technically, an SPF record is a special type of TXT DNS record. When added to a domain, it tells receiving mail servers which servers are authorized to send email on behalf of that domain.

How does SPF prevent spoofing?

Consider two rival companies, "companya.com" and "companyb.com". Without a valid SPF record for companyb.com, a malicious user at Company A could "spoof" an email that appears to come from a @companyb.com address. With a correctly configured SPF record in place, this is no longer possible - only authorized servers can send mail for that domain.

Why does SPF matter for cloud-hosted software?

Setting an SPF record also becomes important when using cloud-hosted software. For example, SaaS editions of MIDAS are each hosted on a *.mid.as subdomain, but customers usually want booking confirmation emails to come from their own organization's email address. To allow this, the customer adds their hosted MIDAS system to their own domain's SPF record, authorizing MIDAS to send email on their behalf.

SPF, DKIM, and DMARC

SPF is one of three email authentication standards that work together; the others are DKIM and DMARC. Configuring all three gives your booking emails the best chance of reaching the inbox. Read more on the importance of SPF.