DHCP snooping will drop DHCP messages from a DHCP server that is not trusted. Trusted DHCP servers are identified by configuring a switchport’s DHCP snooping trust state. DHCP server messages can flow through switchports that have a DHCP snooping trusted state. DHCP server messages will be dropped if attempting to flow through a switchport that is not trusted.
Learn more: how DHCP works?
DHCP messages where the source MAC and embedded client hardware MAC do not match will also be dropped, although this protection can be defeated; badly written vendor IP implementations can cause this to happen with a surprising amount of frequency, the most common scenario being a DHCP request for one interface being forwarded through another interface on that same device.
DHCP snooping will also drop messages that release a lease or decline an offer, if the release or decline message is received on a switchport other than the port that the original DHCP conversation was held. This prevents a third party from terminating a lease or declining a DHCP offer on behalf of the actual DHCP client.