Sender Policy Framework(SPF) is an IP-based email authentication standard that helps protect senders and recipients from spam, spoofing, and phishing.

There are three steps of SPF verification workflow.

(1) By adding an SPF record to Domain Name System (DNS) TXT resource records, email administrators can provide a public list of senders that are approved to send emails from the current domain.

(2) When a receiving email service supporting SPF protocol receives an email, it will extract the domain name in SMTP MAILFROM command and query the SPF record in the TXT record of the corresponding domain name.

(3) Then, the IP address of the sending server is compared with the IP address lists in the SPF record. If the match is successful, then the email is considered the SPF verification is passed.

It is easy!

Email administrators only need to provide a domain name with an SPF record deployed to our online detection service, and the online detection service will automatically query the SPF record corresponding to the domain name, and perform grammar analysis on the SPF record to determine whether there exist grammar problems in the SPF record. At the same time, it will judge whether the current SPF record contains the IP addresses we obtained through the cloud service in our experiment.

The data contains over 100,000 IP address we obtained through the five types of cloud services in our experiment.