SPF (Sender Policy Framework) is the mechanism used to verify whether a sending mail server’s IP address is authorized to send email on behalf of a specific domain. SPF works through a DNS record (typically a TXT record) published by the domain owner. When a receiving mail server gets an email claiming to be from a domain, it checks the SPF record for that domain and compares the source IP of the sending server against the list of permitted IP addresses or permitted sending services. If the IP is listed (or matches an allowed range/mechanism), SPF passes; if not, SPF fails. This directly matches the question requirement: “verify that an emailer is allowed and designated to send emails from a particular IP address.”

The other options do not focus on authorizing an IP to send mail. DKIM uses cryptographic signatures to verify message integrity and that the message was signed by a domain’s private key, not to authorize a sending IP. DMARC is a policy framework that tells receivers what to do when SPF and/or DKIM fail and adds alignment rules and reporting. CNAME is a DNS alias record and is not an email authorization control. Therefore, the correct answer is SPF.