AutoSPF


The AutoSPF algorithm decides whether a message is legitimate (message sender verification) by analysing whether a relationship exists between the sender's e-mail domain and the transferring e-mail server. AutoSPF automatic sender verification is similar in many ways to SPF (Sender Policy Framework): in both cases DNS records are used to verify messages claiming to come from the domain in question. With SPF, the administrator (owner) of the domain publishes data in DNS describing the potential e-mail sources whose sender addresses belong to the domain. AutoSPF instead assumes that the existing DNS records already contain enough information for sender verification. In the elementary case, successful sender verification requires meeting 3 basic conditions:

  1. There should be at least one MX record in the zone of the e-mail domain (the domain part of the sender's e-mail address);
  2. Reverse (PTR) resolution of the sender host must succeed;
  3. The sender host should have a record on one of the DNS servers serving the e-mail domain zone.

By analysing DNS records, the sender domain is checked for correspondence with the address of the connecting server. That is, a sender whose address is somebody@host.name can send e-mail only through a mail server of the host.name domain, which must have DNS resolution and an MX record matching the IP address of the connecting server.

In practice the automatic sender verification algorithm is a little more complex. At the first stage the list of MX records in the mail domain zone is analysed. Forward-resolving each of the listed MX hosts yields the list of the domain's mail server addresses; comparing the sender's IP address against that list determines whether the connecting server belongs to the sender's mail domain. The search could stop here, but in reality e-mail is often quite legitimately sent through related networks, for example through a provider's e-mail service. Determining that related environment requires additional information, which in most cases is also contained in DNS records: when a provider's mail (MX) server is used, the related networks are usually served by the same name servers. Starting from this assumption, we first take the list of name servers (NS records) listed in the mail domain zone. To obtain the list of name servers associated with the sender's IP address, we construct the inverse (PTR) name corresponding to the address. At the next stage we obtain the list of name servers (NS records) listed in the inverse zone of the sender's IP address. If at least one of those name servers is present in both zones, the sender is considered verified. At the last stage we use reverse resolution of the sender's IP address to determine the domain name corresponding to the address, obtain the list of name servers (NS records) in that domain's zone, and compare each record found with the corresponding records of the mail domain zone. If at least one name server is present in both zones, the sender is considered verified.
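The three-stage decision procedure above, as an added example that is not AutoSPF's own code: DNS lookups are answered from a constructed in-memory table (all names and addresses are made up, using documentation ranges), and the walk up the labels to find a zone's NS set is my assumption about how the "zone description" of an address or host is located.

```python
import ipaddress
# Constructed, in-memory DNS table used in place of real lookups: name -> {rrtype: [values]}.
DNS = {
    "example.org": {"MX": ["mx.example.org"], "NS": ["ns1.isp.net", "ns2.isp.net"]},
    "mx.example.org": {"A": ["192.0.2.10"]},
    "10.2.0.192.in-addr.arpa": {"PTR": ["mx.example.org"]},
    # provider relay whose reverse zone is served by the same name servers as example.org
    "5.100.51.198.in-addr.arpa": {"PTR": ["relay.isp.net"]},
    "100.51.198.in-addr.arpa": {"NS": ["ns1.isp.net", "ns2.isp.net"]},
    # provider relay hosted elsewhere: reverse zone differs, but the host's own zone matches
    "7.113.0.203.in-addr.arpa": {"PTR": ["relay2.isp.net"]},
    "9.113.0.203.in-addr.arpa": {"PTR": ["mail.other.example"]},
    "113.0.203.in-addr.arpa": {"NS": ["ns.hosting.example"]},
    "isp.net": {"NS": ["ns1.isp.net", "ns2.isp.net"]},
    "other.example": {"NS": ["ns.other.example"]},
}

def lookup(name, rrtype):
    return DNS.get(name.lower().rstrip("."), {}).get(rrtype, [])

def zone_ns(name):
    # Assumed: find the NS set of the zone enclosing `name` by walking up its labels.
    labels = name.lower().split(".")
    for i in range(len(labels)):
        ns = lookup(".".join(labels[i:]), "NS")
        if ns:
            return set(ns)
    return set()

def autospf_verify(sender, client_ip):
    # Returns (verified, reason) for a sender address and the connecting server's IP.
    domain = sender.rpartition("@")[2].lower()
    mx_hosts = lookup(domain, "MX")
    if not mx_hosts:                      # condition 1: the mail domain must publish MX
        return False, "no MX record for sender domain"
    rev = ipaddress.ip_address(client_ip).reverse_pointer
    ptr_hosts = lookup(rev, "PTR")
    if not ptr_hosts:                     # condition 2: the client IP must reverse-resolve
        return False, "no PTR record for client IP"
    # Stage 1: forward-resolve every MX host; a direct hit means the domain's own server.
    if client_ip in {a for mx in mx_hosts for a in lookup(mx, "A")}:
        return True, "client IP is one of the domain's MX hosts"
    domain_ns = set(lookup(domain, "NS"))
    # Stage 2: name servers shared between the mail domain zone and the client's reverse zone.
    if domain_ns & zone_ns(rev):
        return True, "reverse zone shares a name server with the mail domain"
    # Stage 3: name servers shared between the mail domain zone and the PTR host's zone.
    if domain_ns & zone_ns(ptr_hosts[0]):
        return True, "PTR host's zone shares a name server with the mail domain"
    return False, "no DNS relation between client and sender domain"
```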

All successful DNS queries are cached. The number of DNS queries per connection usually does not exceed 20.