About Sender Policy Framwork (SPF)

SPF is a means for e-mail providers to tell all the other mail providers in the world exactly which servers are allowed to send mail on behalf of their customers.

It does this by being part of the Domain Name System (DNS) — the worldwide system that turns names like skeena.net and google.com into the Internet protocol addresses that computers use. SPF "records" are little bits of text that mail servers can ask for when they go to look up a domain.

Whenever a mail server gets an e-mail that says it's from someone on a Skeena.net hosted domain (say, gitsegukla.org), that mail server looks up gitsegukla.org. It then asks what the SPF record for gitsegukla.org says; specifically, it asks whether the other server that's talking to it right now (and trying to send it mail from an @gitsegukla.org address) is allowed to do that.

The SPF record for gitsegukla.org (and all the other domains hosted by Skeena.net) says that only one computer, the Skeena.net mail server itself, is allowed to send mail from that domain.

The advantage of this is that whenever mail is sent from your address, the rest of the world can be very sure that it really came from you. Conversely, if someone (say, a spammer or a virus) tries to send mail with your address, the rest of the world can be very sure that it didn't come from you (and toss it in the trash automatically).

An important disadvantage is that if you use a friend's computer to send mail and use their e-mail program rather than webmail, or if you're travelling and use a hotel's local mail server to send, your mail will probably be rejected as fake (because those other mail servers are not in the SPF as allowed to send mail for your domain).

There is no convenient way to authenticate mail sent by other servers on your behalf — those other servers have no way of knowing who you are. Skeena.net knows who you are because you have to use your username and password when you send mail.

Fortunately, this isn't a problem — if you're travelling with a laptop, you can always reach Skeena.net's server over whatever Internet connection you happen to have available. If you're using someone else's computer, you can always use webmail — webmail will always pass SPF checks because it runs on our server.

More Information

If you're interested, the SPF website is at http://www.openspf.org.