A Brief History of SPF
SPF was not Meng Weng Wong's idea. He first learned
about Hadmut Danisch's RMX on Slashdot in April 2003, and
about Gordon Fecyk's DMP shortly thereafter. The core idea
felt right and Pobox.com quickly became an enthusiastic
champion. Ultimately, Meng had a different emphasis, and so
SPF was born. That was in June 2003.
From the beginning SPF has focused on getting domain owners to
publish records. Meng's early insight was that momentum in record
publishing was the way to break through the chicken/egg problem that
is fundamental to SPF and similar technologies. There is no incentive
for mail receivers to check SPF records if no one is publishing them. There
is little incentive for domain owners to publish SPF records if no one
checks them, other than the cyberspace equivalent of posting a "no
trespassing" sign. As a result, SPF has accepted significant
complexity for mail receivers in order to make it easier for domain
owners to publish SPF records. This is the key philosophical
difference between SPF and its predecessors.
Over the summer and fall of 2003, SPF evolved rapidly with many
people making many contributions, both in ideas and in helping to write
the SPF specification. In early December 2003, a "frozen"
specification for SPF was announced. At the same time, a push was
made to have SPF implementations written and for people to start
publishing SPF records. Since then, SPF has become a strong force in
the e-mail anti-forgery field, with thousands of new domains
publishing records each month. Currently more than 1 million domains
representing, by some estimates, more than one third of all e-mail
traffic, publish SPF records.
In May 2004, Pobox.com issued a joint proposal with Microsoft
to attempt to combine SPF with Microsoft Caller ID for E-mail.
This was one of the input documents for the MTA Authorization
Records In DNS (MARID) working group chartered by the IETF to
develop an internet standard. This proposal, while inheriting
many key ideas from SPF, was radically different at a technical
level. It focused on addresses in the body of the e-mail rather
than in the e-mail envelope as SPF and its predecessors had
done.
SPF/Caller ID Merger Press Releases
Ultimately, this effort to merge the two technologies failed.
It failed due to both technical and patent license issues. The
MARID working group was closed and the different parties were
encouraged to submit their proposals to the IETF as independent,
experimental standards. As a legacy of this attempted merger,
Microsoft Caller ID for E-mail is now called Microsoft Sender ID
and the DNS records it uses are called 'SPF 2.0' and utilize a
similar syntax.
Post-MARID, the SPF community reorganized to be independent of
any single corporate entity. Substantial effort went into
finishing the original vision of SPF - an anti-forgery technology
that could be used during an SMTP transaction to decide before a
message is delivered if it is from an authorized sender or not.
This effort is often referred to as SPF Classic to distinguish it
from the failed merger attempt with Microsoft Caller ID (Sender
ID).
As with any long-standing project, the involvement of
people changes over time. After MARID-related efforts were
wrapped up, Wayne Schlitt, the current president of the SPF
council, took over the SPF internet draft editor role. Due to
his efforts as both a developer of an independent C SPF checking
library and the SPF test suite, Wayne was well positioned for
this role. Currently Meng and Wayne are the co-authors.
SPF benefited significantly from the external review and
insight provided by the IETF MARID working group. SPF as it
stands today is a more robust and reliable protocol that has
proven its ability to protect both Mail From: and HELO/EHLO
e-mail identities from forgery. While effective, it is a
complex technology. Work in the SPF community continues to
develop tools and documentation to make SPF more accessible
to less technically inclined domain owners, to gather data,
and to develop lessons learned to support the eventual
transition to a standards-track internet standard (RFC).
After MARID
SPF publishing is supported by every major type of DNS
software. Most commercial providers of DNS services support
publishing SPF records.
SPF checking is supported by all major mail server programs
either natively or through add-on programs. SPF records can
be checked with Sendmail, Postfix, Exim, qmail, Courier,
Microsoft Exchange, Santronics Wildcat!, and many others.
SPF checking is also utilized by various anti-spam solutions
as a part of a larger spam detection architecture, most notably
SpamAssassin, starting with version 3.0.
SPF is by far the most deployed e-mail anti-forgery
technology today. It is an open technology that is free of
intellectual property encumbrances. The SPF community is
strongly committed to the idea that key pieces of internet
infrastructure such as e-mail forgery prevention MUST be kept
open to implementation in all systems, both Free/Open and
proprietary.