Verification of email authenticity can be very technical and extremely confusing. Even the most experienced security professionals need help both to navigate this space and to explain it in digestible and precise terms to non-technical colleagues.

At Return Path, we believe that clarity is essential when it comes to communicating the value of email security.

Two “FROM” Addresses

Email messages carry two “from” addresses: the “envelope from” (also called the return path or MAIL FROM) and the “header from” (also called the friendly from).

The “envelope from” is the return address: it tells mail servers where to send the message back (bounce it) if it cannot be delivered. It is transmitted in the SMTP envelope rather than in the visible message, and the receiving server usually records it in the hidden Return-Path header, alongside the other technical headers that servers use to work out who the message is for, what software composed it, and so on.
The “header from” is the address in the From: field of the message, which every email client shows to the recipient.

Cybercriminals can forge both of these addresses with relative ease. That is where email authentication comes in.

SPF: Sender Policy Framework

What Is It?

SPF is an email authentication protocol that lets a domain owner specify which mail servers are allowed to send mail for that domain.

How Does It Work?

Brands that send email publish SPF records in the Domain Name System (DNS). An SPF record is a TXT record that lists which IP addresses (directly, or via other domains it includes) are authorized to send email on behalf of the domain.

During an SPF check, the receiving mail provider takes the domain from the “envelope from” address, looks up that domain’s SPF record in DNS, and compares the IP address of the server that connected to deliver the message against the record. If that IP address is not covered by the record, the message fails SPF authentication. The “header from” address is not consulted by SPF at all.
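The check described above, with the two “from” addresses from the earlier section, as an added example that is not part of the original post or of Return Path’s own software. It parses a raw message, pulls out the envelope from (as recorded in Return-Path) and the header from, and then evaluates a minimal SPF record against the connecting IP address. The domain names, IP addresses, messages and the DNS table are all constructed for the example; real receivers resolve the records over DNS instead of reading them from a dictionary, and the a, mx, ptr and exists mechanisms (which need live DNS) are treated as non-matching here.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed DNS TXT records standing in for live lookups (offline example).
# brand.example sends from its own range and through an email service provider
# it includes; the include chain ends in ~all, the brand's own record in -all.
DNS_TXT = {
    "brand.example": "v=spf1 ip4:198.51.100.0/24 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:203.0.113.0/24 ~all",
    "attacker.example": "v=spf1 ip4:192.0.2.0/24 ~all",
}

# Constructed messages. Return-Path is where the receiving server recorded the
# envelope from; From: is the header from that the recipient sees.
LEGIT = """\
Return-Path: <bounce@brand.example>
From: "Brand Support" <support@brand.example>
Subject: Your statement

Statement attached.
"""
ENVELOPE_SPOOF = """\
Return-Path: <support@brand.example>
From: "Brand Support" <support@brand.example>
Subject: Verify your account

Click here.
"""
HEADER_SPOOF = """\
Return-Path: <bounce@attacker.example>
From: "Brand Support" <support@brand.example>
Subject: Verify your account

Click here.
"""

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def two_froms(raw):
    """Return (envelope from, header from) addresses of a raw message."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    header = parseaddr(msg.get("From", ""))[1]
    return envelope, header


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def check_spf(ip, domain, depth=0):
    """Evaluate `domain`'s SPF record against the connecting IP `ip`.
    Handles ip4, ip6, include and all with the four qualifiers. Mechanisms that
    need live DNS (a, mx, ptr, exists) are treated as non-matching (assumption)."""
    record = DNS_TXT.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip_obj = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                # `in` is False when the address and network versions differ
                matched = ip_obj in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            # depth counter approximating RFC 7208's limit of 10 DNS-querying mechanisms
            if depth + 1 > 10:
                return "permerror"
            inner = check_spf(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # include matches only on an inner pass
        elif name == "all":
            matched = True
        else:
            matched = False
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"


def spf_check_message(raw, sending_ip):
    """SPF is evaluated on the envelope from domain, never on the header from."""
    envelope, header = two_froms(raw)
    return {
        "envelope_from": envelope,
        "header_from": header,
        "spf": check_spf(sending_ip, domain_of(envelope)),
    }


if __name__ == "__main__":
    for label, raw, ip in (("legit", LEGIT, "203.0.113.10"),
                           ("envelope spoof", ENVELOPE_SPOOF, "192.0.2.5"),
                           ("header spoof", HEADER_SPOOF, "192.0.2.5")):
        print(label, spf_check_message(raw, ip))
```

Run stand-alone, the three cases show what SPF does and does not cover: the legitimate message from the provider’s range passes through the include; the message that forges brand.example in the envelope from but comes from an address outside the record hits -all and fails; and the message whose visible From: claims brand.example while the envelope from is attacker.example passes, because the attacker publishes a valid SPF record for their own domain and SPF never looks at the header from. Note also the difference between the brand’s -all (hard fail) and the included provider’s ~all (soft fail): an include only contributes a match when the included record returns pass, so the provider’s softfail does not leak into the brand’s result.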

Why Is It Important?

A domain protected by SPF is less attractive to phishers and spoofers and is therefore less likely to end up on spam-filter blacklists, which helps ensure that legitimate email from that domain is delivered.