How do I fight email forgery with SPF?

SPF or Sender Policy Framework fights e-mail forgery. It prevents unauthorized people from forging your email address. When you enable SPF, a DNS record is created to define IPs allowed to send mail from your mail domain. On receiving an e-mail from your mail domain, correspondent's server checks if the IP address that the e-mail's come from is listed in your SPF DNS record. If it's not, the e-mail will be rejected or flagged as suspicious.

E-mails sent to your mail domain will undergo similar check-up. Provided SPF in enabled on the sender's mail domain, e-mails coming from the IP that isn't listed in the senders SPF DNS record, will be rejected or flagged as suspicious according to your SPF policy configuration

SPF can be enabled/disabled for a mail domain and/or domain aliases with mail service or mail domain alias.

You configure SPF preferences when you enable SPF. Later you can change SPF configuration by clicking the Edit icon next in the mail domain/mail domain alias SPF entry:


Here you set SPF politics or recommendations on how mail received from your mail domain should be treated by correspondent's mail server. For example, by setting SPF mechanism prefix to fail you announce that any message received from this domain is a forgery and recommend corespondent's server to reject it.