What is the difference between SPF results and SPF?

SPF stands for Sender Policy Framework. It helps you add restrictions on your DNS server that define who can send email from your domain. SPF also plays a vital role in preventing domain spoofing, as it doesn't allow unauthorized sources to use your domain.

SPF results and SPF depend on the SPF records and policies (relaxed or strict) you have configured. In the sources section, you will see that there are two SPF columns. Here is a breakdown of what the columns mean:

  • SPF domain: This column is the domain specified in your mail header as the Return-Path header, envelope address or bounce address. This is the domain at the backend (of a 3rd-party tool, etc.) being used to send email from your From domain.

  • From domain: This is the sending email address the recipient will receive email from. It will appear as the From domain in the email header.

  • SPF results: This column shows whether your SPF domain is authorized to use the particular source to send email. It will display pass if the SPF record for the particular source is present in the DNS of your sending domain.

  • SPF: This column will pass if your From domain and SPF domain are aligned, and if they abide by the set SPF policy. If the return path is set, then your From and SPF domain will match, and we say SPF is aligned. Next, it checks whether they follow the SPF policy below:


Relaxed policy (alignment):

In this policy, the SPF domain and From domain must be an exact match or a parent/child match. This policy allows a subdomain to be used and still meet the domain alignment requirement.


| SPF domain | From domain | SPF |
|---|---|---|
| mail.example.com | example.com | pass |
| example.mail.com | example.com | fail |
| example.com | example.com | pass |


Strict policy (alignment):

In this policy, the SPF domain and From domain must be an exact match for SPF to pass.


| SPF domain | From domain | SPF |
|---|---|---|
| mail.example.com | example.com | fail |
| example.mail.com | example.com | fail |
| example.com | example.com | pass |
| mail.example.com | mail.example.com | pass |

If SPF passes, your DMARC will also pass. Hence, make sure SPF is configured correctly.
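
The relaxed and strict alignment rules above, written as a check over a message's Return-Path and From headers. This is an added example, not code from the original article or the product it describes; the function names and sample headers are constructed. It assumes the SPF column needs both a passing SPF result and alignment, and it uses the article's parent/child definition rather than the organizational-domain lookup that DMARC receivers perform.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from a real message).
SAMPLE = (
    "Return-Path: <bounce@mail.example.com>\n"
    "From: Example News <news@example.com>\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def _norm(domain):
    # DNS names are case-insensitive; a trailing root dot is equivalent.
    return domain.strip().rstrip(".").lower()

def _domain(header_value):
    # Take the domain part of the address in a header, "" if there is none.
    addr = parseaddr(header_value or "")[1]
    return _norm(addr.rpartition("@")[2]) if "@" in addr else ""

def is_aligned(spf_domain, from_domain, mode="relaxed"):
    """Strict: exact match. Relaxed: exact or parent/child match."""
    spf, frm = _norm(spf_domain), _norm(from_domain)
    if not spf or not frm:
        return False
    if spf == frm:
        return True
    if mode == "strict":
        return False
    # Match on whole labels only, so "notexample.com" and "example.mail.com"
    # do not align with "example.com". Simplification: no public suffix
    # check, so a bare suffix such as "com" would count as a parent.
    return spf.endswith("." + frm) or frm.endswith("." + spf)

def spf_column(raw_headers, spf_result, mode="relaxed"):
    """Return the value of the aligned "SPF" column for one message."""
    msg = message_from_string(raw_headers)
    spf_domain = _domain(msg.get("Return-Path"))
    from_domain = _domain(msg.get("From"))
    # Assumption: the column needs a passing SPF result AND alignment.
    ok = spf_result == "pass" and is_aligned(spf_domain, from_domain, mode)
    return "pass" if ok else "fail"

if __name__ == "__main__":
    for mode in ("relaxed", "strict"):
        print(mode, spf_column(SAMPLE, "pass", mode))
```
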


