SPF stands for Sender Policy Framework, and is an extension of SMTP that stops e-mail spammers from forging the “From” fields in an e-mail. As SMTP itself does not carry an authenticating mechanism, the SPF extension provides the authentication scheme by specifying which computers are authorized to send email from a specific domain. In order to use SPF, the domain sending e-mails must establish an SPF record that is published in DNS records. When the e-mail passes through the DNS server, it is compared to the SPF record for that domain to determine if the sender is indeed authorized to transmit e-mails from that sender’s address. If the e-mail comes from a domain that is not authorized, the DNS server will not forward the e-mail to the expected destination.
SPF is one method that can be used to stop spam from being sent using unauthorized domain names. However, it should be noted that SPF only stops the spammer from forging the “From” field in the e-mail and does not stop the spammer from sending e-mails from a domain in which it is a member.