Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1

Email on the Internet can be forged in a number of ways. In particular, existing protocols place no restriction on what a sending host can use as the "MAIL FROM" of a message or the domain given on the SMTP HELO/EHLO commands. This document describes version 1 of the Sender Policy Framework (SPF) protocol, whereby ADministrative Management Domains (ADMDs) can explicitly authorize the hosts that are allowed to use their domain names, and a receiving host can check such authorization. This document obsoletes RFC 4408.

[1]  Paul V. Mockapetris,et al.  Domain names: Concepts and facilities , 1983, RFC.

[2]  Paul V. Mockapetris,et al.  Domain names - implementation and specification , 1987, RFC.

[3]  Robert T. Braden,et al.  Requirements for Internet Hosts - Application and Support , 1989, RFC.

[4]  Stephen E. Deering,et al.  IP Version 6 Addressing Architecture , 1995, RFC.

[5]  Keith Moore,et al.  An Extensible Message Format for Delivery Status Notifications , 1994 .

[6]  Gary Scott Malkin Internet Users' Glossary , 1996, RFC.

[7]  Paul Vixie,et al.  A DNS RR for specifying the location of services (DNS SRV) , 1996, RFC.

[8]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[9]  Dave Crocker,et al.  Augmented BNF for Syntax Specifications: ABNF , 1997, RFC.

[10]  Mark P. Andrews,et al.  Negative Caching of DNS Queries (DNS NCACHE) , 1998, RFC.

[11]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[12]  Peter W. Resnick,et al.  Internet Message Format , 2001, RFC.

[13]  Gregory M. Vaudreuil,et al.  Enhanced Mail System Status Codes , 1996, RFC.

[14]  Keith Moore,et al.  Recommendations for Automatic Responses to Electronic Mail , 2004, RFC.

[15]  Derek Atkins,et al.  Threat Analysis of the Domain Name System (DNS) , 2004, RFC.

[16]  Hadmut Danisch The RMX DNS RR and method for lightweight SMTP sender authorization , 2004 .

[17]  John C. Klensin,et al.  Application Techniques for Checking and Transformation of Names , 2004, RFC.

[18]  Jeffrey C. Mogul,et al.  Registration Procedures for Message Header Fields , 2004, RFC.

[19]  Scott Rose,et al.  DNS Security Introduction and Requirements , 2005, RFC.

[20]  Roy T. Fielding,et al.  Uniform Resource Identifier (URI): Generic Syntax , 2005, RFC.

[21]  Vince Fuller,et al.  Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan , 2006, RFC.

[22]  Meng Weng Wong,et al.  Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1 , 2006, RFC.

[23]  John Levine,et al.  Bounce Address Tag Validation (BATV) , 2006 .

[24]  David Shaw,et al.  OpenPGP Message Format , 1998, RFC.

[25]  Alexey Melnikov,et al.  SMTP Service Extension for Authentication , 2007, RFC.

[26]  Internet Architecture Board,et al.  Design Choices When Expanding the DNS , 2004, RFC.

[27]  Dave Crocker,et al.  Internet Mail Architecture , 2009, RFC.

[28]  Murray S. Kucherawy Message Header Field for Indicating Message Authentication Status , 2009, RFC.

[29]  Blake Ramsdell,et al.  Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification , 2010, RFC.

[30]  John C. Klensin,et al.  Internationalized Domain Names for Applications ( IDNA ) : Definitions and Document Framework , 2022 .

[31]  John R. Levine DNS Blacklists and Whitelists , 2010, RFC.

[32]  Randall Gellens,et al.  Message Submission for Mail , 2006, RFC.

[33]  Peter Saint-Andre,et al.  Deprecating the "X-" Prefix and Similar Constructs in Application Protocols , 2012, RFC.

[34]  Murray S. Kucherawy,et al.  Email Greylisting: An Applicability Statement for SMTP , 2012, RFC.

[35]  Scott Kitterman,et al.  Sender Policy Framework (SPF) Authentication Failure Reporting Using the Abuse Reporting Format , 2012, RFC.

[36]  Murray S. Kucherawy,et al.  Internet Engineering Task Force (ietf) Resolution of the Sender Policy Framework (spf) and Sender Id Experiments , 2022 .

[37]  Michael Graff,et al.  Extension Mechanisms for DNS (EDNS(0)) , 2013, Request for Comments.