The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery, i.e. it protects the envelope sender address, which is used for the delivery of messages.

The envelope sender address (sometimes also called the return-path) is used during the transport of the message from mail server to mail server, e.g. to return the message to the sender in the case of a delivery failure. It is usually not displayed to the user by mail programs.

SPF prevents unauthorized people from forging your email address. When you enable SPF, a DNS record is created that defines the IPs allowed to send mail from your mail domain. On receiving an e-mail from your mail domain, the correspondent’s server checks whether the IP address the e-mail came from is listed in your SPF DNS record. If it is not, the e-mail will be rejected or flagged as suspicious. E-mails sent to your mail domain undergo a similar check. Provided SPF is enabled on the sender’s mail domain, e-mails coming from an IP that is not listed in the sender’s SPF DNS record will be rejected or flagged as suspicious, according to your SPF policy configuration.
SPF can be enabled or disabled for a mail domain and/or for domain aliases with mail service or mail domain aliases.

SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain’s DNS zone, and when someone else’s mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain’s stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.

Once you are confident about the authenticity of the sender address, you can finally “take it for real” and attach reputation to it. While IP-address-based reputation systems like Spamhaus or SpamCop have prevailed so far, reputation will increasingly be based on domains and even individual e-mail addresses in the future, too.

We use the following terminology to try and simplify the descriptions below:

1. sender – the full email address of the originator of the mail item (typically uses return-path in the actual SPF checks)
2. source-ip – the IP address of the SMTP server trying to send this message
3. sender-domain – the domain name part of the sender’s email address, e.g. if the sender is info@example.com, the sender-domain is example.com.

Format of SPF:

v=spf1 [[pre] type ] … [mod]

Example of SPF:

example.com. TXT "v=spf1 mx a:pluto.example.com include:gmail.com -all"
where,

1) v=spf1
Mandatory. Defines the version being used. Currently the only supported version is spf1.

2) pre
Optional. pre defines the code to return when a match occurs.

3) mx
The incoming mail servers (MXes) of the domain are also authorized to send mail for example.com.

4) a
The named machine (pluto.example.com in the example) is authorized to send mail for example.com.

5) include
Used when mail from example.com may originate through servers belonging to some other domain (like an ISP).

6) all
Matches every other machine; with the - prefix used in the example (-all), all other machines are not authorized.
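
The receiving-side check described above, as an added example that is not part of the original article: a Python evaluator that parses the example record and tests a source-ip against it. The TXT, MX and A tables, the IP addresses and the gmail.com record are constructed for illustration so the code runs without DNS; only the all, ip4/ip6, a, mx and include mechanisms are handled, and modifiers are skipped.

```python
import ipaddress

# Constructed stand-in for DNS so the check runs offline (documentation IP ranges).
TXT = {
    "example.com": "v=spf1 mx a:pluto.example.com include:gmail.com -all",
    "gmail.com": "v=spf1 ip4:198.51.100.0/24 ~all",  # made up, not Gmail's real record
}
MX = {"example.com": ["mail.example.com"]}
A = {"mail.example.com": ["192.0.2.10"], "pluto.example.com": ["192.0.2.20"]}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}  # the "pre" codes

def parse_spf(record):
    """Split 'v=spf1 [[pre] type] ... [mod]' into (pre, type, value) tuples."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms:
        if "=" in term:  # [mod] such as redirect=, not evaluated in this sketch
            continue
        pre = term[0] if term[0] in RESULTS else "+"  # a missing prefix means "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        parsed.append((pre, mech.lower(), value))
    return parsed

def matches(mech, value, domain, ip, depth):
    """True if the source IP matches one mechanism of domain's policy."""
    if mech == "all":
        return True
    if mech in ("ip4", "ip6"):
        return ip in ipaddress.ip_network(value, strict=False)
    if mech == "include":  # matches only when the included policy returns "pass"
        return check_spf(str(ip), value, depth + 1) == "pass"
    hosts = {"a": [value or domain], "mx": MX.get(value or domain, [])}.get(mech, [])
    return any(ip == ipaddress.ip_address(addr) for h in hosts for addr in A.get(h, []))

def check_spf(source_ip, sender_domain, depth=0):
    """Return the SPF result for source_ip sending as sender_domain."""
    if depth > 10 or sender_domain not in TXT:  # include-loop guard / no record
        return "permerror" if depth else "none"
    ip = ipaddress.ip_address(source_ip)
    for pre, mech, value in parse_spf(TXT[sender_domain]):  # first match wins
        if matches(mech, value, sender_domain, ip, depth):
            return RESULTS[pre]
    return "neutral"  # no mechanism matched
```

Note that a softfail inside the included policy does not carry over: include only matches on pass, so an unlisted address falls through to -all and fails.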