What is a Sender Policy Framework?

Spam is a common complaint among email users. The sender policy framework is a way to help prevent spam. It allows administrators to create a record stating which computers are allowed to send email using a specific domain name. Received emails can then be checked against this list to be sure the email is legitimate.

The sending and receiving of email is governed by simple mail transfer protocol (SMTP). This protocol controls how mail is processed from the time it is sent to the time it is opened. One flaw in the SMTP system is that there is no way to verify that the person who sent an email is who he or she claims to be.

It is common for a spammer to send an email in which the header and return address have been doctored to look like they come from a legitimate company. This is called email spoofing. Spammers use these addresses to fool the receiver of the email into releasing private information or simply opening an email that has a virus or spyware bug attached to it. The sender policy framework was created to keep this from happening.

Every computer connected to a network is assigned an Internet protocol (IP) address. The sender policy framework functions by allowing administrators to register certain computers as authorized users for their domain names. The specific IP address of the authorized computers is then attached to the domain name. When an email exchanger receives an email from that domain name, it checks the IP address of the computer that sent the email. If the IP address is not on the list of approved computers, the email is not legitimate.

For example, an email user may receive an email asking her to confirm her account information with example.com. Before acting on the request in the email, the user wants to know if the email is legitimate. If the administrators of example.com have created a sender policy framework list, the user's email exchanger can check the source of the email against the list to see if it was sent by an approved computer.

The sender policy framework was first defined in RFC 821 in 1982. An RFC, or Request for Comments, is a memorandum released by the Internet Engineering Task Force in which new innovations and ideas about Internet standards are discussed. After review, some of these become part of the formal Internet standards.