W3C has deployed SPF (Sender Policy Framework) to prevent email forgeries. Our mail hubs reject forged mail according to SPF records published by domain owners, and we have published SPF records indicating which servers are authorized to send email claiming to be from w3.org. See below for more information about:
If you are concerned about email forged to appear from your site, you can publish an SPF record (or ask your system administrators or ISP to publish one on your behalf) and our email servers will automatically start to reject forgeries that claim to be from your site.
This endorsement is not without some reservations. While Jonathan de Boyne Pollard's essay on problems with SPF overstates the case in some places, the point about squatting on TXT records is a concern we share.
provides a list of servers that are authorized to send mail on behalf of w3.org.
This record ends in
~all, which means "softfail".
Due to issues with SPF and mail forwarding, we intend to leave our SPF
record in this state for the forseeable future, so our record is useful
mainly for whitelisting. (mail with an 'SPF pass' status from w3.org is
most likely legitimate, but other mail can be subject to more scrutiny,
e.g. using heuristic-based filters.)
indicate that those domains are never valid senders of email, so any mail claiming to originate there should be rejected.