Home Page

VPN & Cryptography


Email & Spam

Security Topics


Email Spam

Zero Day Window


Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails


Email Throttling

What is Spam

Whitelists and Blacklists



Reverse DNS Lookup and Sender Policy Framework


Reverse DNS

Reverse DNS lookup is another commonly used approach in combatting malicious emails and SPAM. Reverse DNS Lookup determines the host associated with a given IP address. If an email from externalcompany.com with a source IP address of is delivered to the anti-spam security gateway where Reverse DNS lookup feature was enabled, the Reverse DNS lookup feature will check the IP Address is actually associated with where it says it is from, in this example, externalcompany.com. If this is not the case, it is assumed the email has been spoofed, and the email will be classified as spoofed email or spam.

Sender Policy Framework (SPF)

Reverse DNS is sometimes a problem for some organisations that send emails from multiple source addresses. DNS only registers a single IP address with the DNS name. Some organisations send emails from multiple hosts, therefore sourcing emails from multiple IP addresses using the same domain name. This can be achieved with the use of a feature called Sender Policy Framework (SPF), which ensures the destination anti-spam solution permits emails from multiple sources using the same domain name.

The owner of a domain will publish an SPF record which will consist of authorised senders. When these records are published, the receiver can check the sender's records to see if it is associated with that domain, and when the SPF records specify this is the case, the email is accepted. The SPF record will prove this is a trusted sender for that domain.

Further Reading

Wikipedia's guide to Reverse DNS Lookup