Unintended effect of using SPF to restrict email

Unintended effect of using SPF to restrict email

View profile for David Gilroy
  • Posted
  • Author

Sender Policy Framework (SPF) is a DNS technology designed to improve the authenticity of email by  basically telling the world "if you get an email from us that doesn't come from server xxxxxx then it's not us".  At first glance this approach sounds ideal because it prevents people sending email out from their own email servers pretending to be you.

However there is a catch. Use of SPF will normally also prevent others from forwarding your email successfully. It's commonplace nowadays to receive email on a corporate server but then to forward it to services like gmail or icloud. In that scenario, by the time the email arrives at Gmail or iCloud it is seen as having come from us not you which violates your SPF policy the result of which is it that the email gets rejected.

For more information see http://en.wikipedia.org/wiki/Sender_Policy_Framework#Controversy - in particular the third point. Blocking this sort of forwarding is the Achilles heel of SPF (also messes up mail discussion lists) and is probably the main reason it isn't as widely deployed as you might otherwise expect.

My advice is to consider not using SPF in this way - it will impact many of your intended recipients not just us.