The History of SPF
December 14, 1997
Jim Miller sends Paul Vixie an email with his idea on verifying SMTP MAIL FROM address from means of outbound-smtp MX dns records. Note: This event and the date are not confirmed by public records and are based solely on information provided by Paul Vixie.
March 27, 2000 – Public mention of the idea to create ‘MS’ (mail sender) DNS records
Bill Cole mentions on usenet newsgroup dedicated to discussions of spam an idea to create ‘MS’ (Mail Sender) DNS records to record outgoing email servers of a domain. Note: Mr. Cole later explained that this idea was mentioned in private to Paul Vixie by several other members of MAPS staff as well. Paul later wrote a draft about it crediting an idea to Jim Miller as the first person who told him about it.
June 1, 2002 – “Mail Transmitter RR” draft by David Green
David Green publishes his draft called “Mail-Transmitter RR” on name droppers mail list (the draft specifies new dns type MT dns RR but does not say what format it would have). Note: Of interest is this is the first public mention of the “Authorized-By” email header field which later appeared in other IETF drafts.
June 2, 2002 – “Repudiated MAIL FROM” draft by Paul Vixie
In response to David Green’s post, Paul Vixie sends to name droppers mail list a draft called “Repudiating MAIL FROM.”
December 3, 2002 – First RMX draft by Hadmudt Danish
Hadmut Danisch publishes as Internet Draft the first version of RMX (A DNS RR for simple SMTP sender authentication”). The draft specifies using new DNS RR type RMX to publish either one ip4 network block or redirection to APL record. Note: Hadmudt claims he was not aware of the either Paul Vixie’s or David Green’s drafts when he came up with the idea of RMX.
Mar 28, 2003 – First DMP draft by Gordon Fecyk
Gordon Fecyk publishes as Internet draft the first version (version 00) of “Designated Senders Protocol”. The draft proposed “DNSBL-like” format for authorizing use of RFC2821 MAIL FROM name:
${REVERSEDIP_1}.ds.client.smtp.tcp.${DOMAINNAME}. A 127.0.0.1
Later versions of the draft (from version 01 published on April 11, 2003) start using TXT dns record:
${REVERSEDIP_1}._smtp-client.${DOMAINNAME}. TXT “ds-allow”
As of version 02 of this draft, which was published on Apr 28, 2003 the name had been changed to “Designated Mailers Protocol” and thereafter many started to refer to it as DMP As of version 03 of fecyk-dsprotocol series drafts the format was changed to:
$REV-ADDRESS-1.$ADDRESS-TYPE._smtp-client.$FQDN. TXT “dmp=allow”
-archived from openspf.org
SPF (Sender Policy Framework) has been around for a long time and now enjoys a rich history reaching back to 1997. SPF Project history itself starts in June 2003.
June 10 2003 – Meng Weng Wong starts SPF-discuss mail list
In June 2003 Meng Weng Wong posted the very first version of “Sender Permitted From” as a first message on a new mail list. This text is clearly a derivative of DMP (90% same text as version 02 of dsprotocol draft with version incremented to 03 for SPF).
August 18, 2003 – “mx operator” option proposed by Wayne Schlitt
This might the first post by Wayne Schlitt to SPF, where he introduces idea of what later becomes SPF “mx” operator. Proposed syntax is: *._smtp_client TXT “spf=mx-only”
August 19, 2003 – “spf include” option proposed by David Saez
David Saez introduces “spf-include” option which also served as a start of when SPF becomes more than just “spf=allow” syntax. Proposed syntax is: spf-include = otherdomain.com
October 1, 2003 – Start of ASRG MAIL FROM proposals unification effort
Meng lets people on spf-discuss know that he agrees to merge SPF into unified proposal for checking MAIL FROM to be developed under as part of ASRG. However development effort on SPF itself continues as spf-discuss is a public discussion list open to all, where as ASRG was trying to do this as private discussion group with only published draft authors participating.
October 8, 2003 – Use of new RR instead of TXT proposed
Paul Wouters urges to use new DNS RR type instead of overloading TXT record. Meng ten days later also says SPF needs new RR type.
October 10, 2003 – SPF begins to resemble what you now know as v=spf1
Meng Weng Wong posts new concept unifying ideas posted by people on the list over previous 2 months and the syntax begins to look more like SPF (v=spf1) that we see today.
-archived from openspf.org
In 2004 the MARID working group came and went, leaving behind in its tumultuous wake several technologies: SPF and SenderID. Both technologies were transformed into Experimental IETF drafts: SenderID as RFC 4406 and SPF as RFC 4408. Many years later (in 2014) SPF was updated and republished as Standards Track RFC 7208.
The history of SPF as a technical document is quite dramatic. From an adoption perspective, SPF enjoys wide adoption due to a few events:
- In 2004 Microsoft announced support for SPF. This coincided with Microsoft’s involvement in the MARID working group.
- In 2006 BITS held meetings and published guidelines focused on the financial services sector to deploy SPF, DKIM, and TLS with an intention of enhancing email security. This work went a long way to legitimize the use of open standards in financial service-facing security frameworks.
Probably the biggest driver of SPF adoption happened around 2007: Hotmail let it be known that SenderID and/or SPF was needed to deliver email to hotmail.com recipients. This event pushed SPF into the realm of email marketers and common wisdom regarding how to get email delivered. SPF records became part of standard email setup instructions.
SPF has been around for a long time, but so have we at dmarcian, and we’re using DMARC to make SPF easy.
Before wasting time on the open internet trying to figure out SPF, give our resources a try.
Want to continue the conversation? Head over to the dmarcian Forum.