SPF CollageI get this question a lot from customers: "Why do I keep getting bounces from emails that I never even sent?!??!"

To answer them, I've come up with this little story to help illustrate what is happening in the email world that causes this.

Imagine a guy in Texas wants to send out some advertisement about his new Widget. He makes the ad, buys the stamps from the post office, stuffs the envelopes, but when it comes time to putting the return address label on, he puts YOUR address. Now, he drops these into his mailbox and the post man comes and picks them up. As the post office tries to deliver these advertisements, any addresses they can't reach are returned to the sender, or in this case, to YOU. So even though you had nothing to do with the Widget advertisements, you start getting all of these "Return To Sender" pieces of mail in your mailbox.

That is essentially what's happening here. Spammers are sending out email but saying that it came from you. There is a fix for the problem, that works really well. It is called Sender Policy Framework (SPF). Going back to our real world post office example...

SPF is like making a list of every place in the world you would ever send mail, and then giving it to every postman with a note that says: "Hey, if you get any mail that says I am sending it but you didn't pick it up from one of these mailboxes, don't take it!" It works really well because now when the post man comes to the Widget man's home and sees your return address on it, he'll check your SPF and see that this home isn't on it, at which point he will not take or deliver the mail.

Currently about 80% of all email servers in the world recognize and actively use SPF, so it's not a 100% fix, but it definitely helps. If you want more information about how to setup SPF, you can visit the Open SPF Project which will show you how to set up SPF for your domain.