Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender's domain.
This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection.
If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header.
To authenticate the email address which is actually visible to recipients on the "To:" line, other technologies such as DMARC must be used.
Forgery of this address is known as email spoofing, and is often used in phishing and email spam.
The list of **authorized sending hosts** and IP addresses for a domain is published in the DNS records for that domain.
Sender Policy Framework is defined in RFC 7208 dated April 2014 as a "proposed standard".
The Simple Mail Transfer Protocol permits any computer to send email claiming to be from any source address.
This is exploited by spammers and scammers who often use forged email addresses, making it more difficult to trace a message back to its source, and easy for spammers to hide their identity in order to avoid responsibility.
It is also used in phishing techniques, where users can be duped into disclosing private information in response to an email purportedly sent by an organization such as a bank.
SPF allows the owner of an Internet domain to specify which computers are authorized to send mail with envelope-from addresses in that domain, using Domain Name System (DNS) records.