Q&A | Is SPF2.0 Dead?

I’ve spoken with several folks and am still confused about whether or not SenderID is actually needed when sending to MSN/Hotmail.

What’s the verdict? Is SenderID dead? Do spfv2 records need to be published? Is it sufficient to just publish SPF (v1) records when sending to MSN/Hotmail?

Sincerely confused on this one…

I was intrigued by this question, as it was not something I had ever been told while working with the support teams at Hotmail, so I sent a note off to my contacts within Microsoft and got back the official word;

“In the majority of cases, using the SPF record will satisfy both SPF as well as SenderID verification within the Hotmail systems. Organizations that wish to publish a SenderID record are encouraged to do so. This second record will be used for SenderID validations, of the PRA domain only, and will take precedence over the classic SPF record.”


  • SenderID is not dead – in fact it’s still the one method used by Hotmail’s authentication services.
  • SPF (v1) implementations will continue to validate the MAIL FROM domain unless the sender has published a spf2.0/pra record.
  • Publishing both records is not going to hurt your delivery to Hotmail.
  • SPF is still being checked in the absence of SenderID – SPF is supported ongoing because most senders don’t have just a 2.0 record yet.
  • While only one records is sufficient, my recommendation continues to be publish both, as some other ISPs continue to pick one over the other.

Author: Matt V - @emailkarma

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (Canada) (CIPP/C) with nearly two decades of experience in email marketing. Matthew is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee. Matthew was recognized as the 2019 eec thought-leader of the year.

Share This Post On


  1. Is there evidence of anyone besides Microsoft checking SenderID?

    If not, what’s the point of doing both?

    Post a Reply
  2. Anonymous – The ESPC [http://www.espcoalition.org/ESPC_Authentication_Report.pdf] shows that AOL/Netscape/CS/AIM, United Online (Juno/NetZero) and Microsoft (MSN.com/Hotmail) and partners (Sympatico) are all checking SID and SPF.

    Spamfighter – I believe this is because the number of domains only publishing SPF still out number those publishing SID or both.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.