Definition of SPF (Sender Policy Framework)
This sender authentication technique is extremely easy to implement. The principle is simple: the receiving server extracts the sender’s domain (from “MAIL FROM:” in the SMTP message envelope, not from the “From:” field in the header), then performs a TXT-type DNS query on that domain to retrieve the list of mail servers authorized to send e-mail for it. That list is then compared with the IP address of the server sending the message.
Unfortunately, this technology has a problem when it comes to email forwarding: in that case, the sending server is not necessarily the mail server of the original sender of the email. In addition, when setting up SPF, the list of sending servers must be exhaustive; otherwise, mail sent from a server missing from the list will not satisfy the SPF rule. In some architectures, it’s even preferable not to set SPF fields at all, rather than run the risk of not respecting them! To be sure, you can check the complete list of your sending servers via DnsLookup.fr (see #15 of http://dnslookup.fr/faq.php).