Posted August 31, 2007 9:45 am by with 4 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

According to a study conducted by email marketing experts Lyris, there is “an increasing reliance on the Sender Policy Framework (SPF) authentication method” to determine the legitimacy of inbound mail.

SPF is an open standard method to prevent sender address forgery. The solution to combat fake email works via a delivery policy specified in the domain’s DNS zone records. The receiving server can check whether a message has complied with the domain’s stated policy before conducting further checks.

The study, which monitored almost half a million messages, shows that permission-based email is delivered roughly 75 percent of the time to major ISP inboxes. Further examination showed a decrease in image spam and an increase in spam using PDF, PowerPoint or Excel files.

However, for marketers looking to improve deliverability of their campaigns, the most relevant finding was the appearance of SPF authentication checks in the list of the top 10 content triggers used by ISPs.

Stefan Pollard, Director of Consulting Services at EmailLabs, was surprised but positive:

This is the first time we’ve seen SPF checks start to creep into content filter tests… the good news is that it’s easy to fix… [and is] completely in the sender’s power

Tests conducted by common spam filters, like SpamAssassin, use point scoring systems determined by rule-weighting algorithms. Points are accumulated each time a message triggers a rule and SPF failure carries one of the heaviest penalties of all.

Fortunately marketers can easily check if they would pass or fail SPF authentication by simply looking at their message headers in the major Web-based email platforms (Hotmail, Gmail, Yahoo, etc.). The header should read “SPF PASS”.

For further information about SPF and other types of authentication, Lyris suggest reading the Direct Marketing Association’s How-To guide.


  • I can attest to the importance of SPF – and not just the protection it provides from the sun. 😉

    Someone was spoofing my email address and I was getting dozens of bouncebacks a day. I added an SPF record and that seems to have thwarted their efforts.

  • SPF has been around for some time now. It’s nice to see it becoming mainstream. Nothing better than technology solution to address a technology problem.

  • Very interesting, although they’ll find a new way to get by to users’ inboxes… they sure are creative, aren’t they?

  • When you mention that you, “added an SPF record and that seems to have thwarted their efforts,” how did you do that? Software? Configuration within your email? Other?