From: DeskNow Knowledge Base
http://www.desknow.com/kb/

What is SPF?
http://www.desknow.com/kb/idx/4/049/article/

SPF ('Sender Policy Framework') is a protocol that helps blocking emails where the 'From:' field is forged. This helps in fighting spam, as spammers often use forged from addresses.

Address forgery means that anyone can send you a message claiming it is from paul.mccartney@beatles.com (for instance) without being the real Paul McCartney, or even a Beatle!

This is a security flaw of the SMTP protocol.

When using SPF, DeskNow checks the IP address of the server that this messgae was received from. It then checks the DNS records of the domain beatles.com (in this example) to see if the IP address of the sending server is an authorized mail sender for that domain.

3 things (roughly) can happen:

  1. there is a record, and it says that the sender is an authorixzed sender. The message is accepted
  2. there is arecord, and it does not say that the sender is authorized. There are two variations of this (fail is strictly not authorized - softfail means roughly 'not sure'). DeskNow then can reject emails from this server. This is configured in the Admin / Antispam panel.
  3. there is not an SPF record. This is the most common case at this time, since SPF is not widely adopted yet. DeskNow in this case accepts the message, to avoid discarding valid emails

SPF is not the final cure to spam, but it helps.

This is just a quick overview. If you want to learn more about SPF, and to learn on how to publish the SPF record for your domain, see http://spf.pobox.com