Email runs on a permissive protocol, which makes it far easier to abuse for malicious purposes than you might imagine. In a previous post, we presented a sample email with a forged sender; it is really hard for ordinary people to tell whether such an email comes from the claimed sender or not.
Since email can be forged so easily, how can the trusted sender of an email be identified? The responsible standards organization created a protocol years ago to address this: Sender Policy Framework (SPF).
The mechanism of SPF is very simple: the sender publishes its valid IP ranges as DNS records, and the receiver can tell whether an email comes from the claimed sender by checking the sending server's IP against the published valid IP ranges.
The diagram below shows how SPF works:
Mr. Post leverages this protocol to identify the trusted “Real Sender” and reveals the result when your mouse hovers over the email address in the “Real Sender” section, marked with a blue rectangle in the snapshot below.
There are three possible verification results:
- Trusted – the email passes the SPF check; the “Real Sender” is verified;
- Untrusted – the email fails the SPF check; the “Real Sender” is forged;
- Unavailable – the original sender has not enabled SPF checking.
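
The check described above and its three outcomes can be sketched as follows. This is an added example, not Mr. Post's own code: the TXT records are constructed, the function names are hypothetical, only the `ip4`, `ip6` and `all` mechanisms are evaluated, and mapping every non-pass result to "Untrusted" is an assumption of this sketch.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (reserved example names/ranges).
SAMPLE_DNS_TXT = {
    "example.com": ["site-verification=abc",
                    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.org": ["v=spf1 ip4:198.51.100.7 ~all"],
    "example.net": ["some unrelated txt record"],
}


def find_spf(txt_records):
    """Return the SPF policy among a domain's TXT records, or None."""
    for txt in txt_records:
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 "):
            return txt
    return None


def spf_result(policy, sender_ip):
    """Evaluate ip4/ip6/all terms left to right; the first match decides."""
    ip = ipaddress.ip_address(sender_ip)
    for term in policy.split()[1:]:
        # A term without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return qualifier
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return qualifier
        # include, a, mx and similar terms need live DNS lookups; skipped here.
    return "?"  # nothing matched: neutral


def verify_sender(domain, sender_ip, dns=SAMPLE_DNS_TXT):
    """Map the SPF outcome onto the three labels used in this post."""
    policy = find_spf(dns.get(domain, []))
    if policy is None:
        return "Unavailable"  # the domain publishes no SPF record
    # Assumption: only an explicit pass counts as Trusted.
    return "Trusted" if spf_result(policy, sender_ip) == "+" else "Untrusted"
```
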
With Mr. Post, it’s much easier for you to know who actually sent this email and then make a wise decision accordingly.