Q:
I’ve spoken with several folks and am still confused about whether or not SenderID is actually needed when sending to MSN/Hotmail.
What’s the verdict? Is SenderID dead? Do spfv2 records need to be published? Is it sufficient to just publish SPF (v1) records when sending to MSN/Hotmail?
Sincerely confused on this one…
A:
I was intrigued by this question, as it was not something I had ever been told while working with the support teams at Hotmail, so I sent a note off to my contacts within Microsoft and got back the official word;
“In the majority of cases, using the SPF record will satisfy both SPF as well as SenderID verification within the Hotmail systems. Organizations that wish to publish a SenderID record are encouraged to do so. This second record will be used for SenderID validations, of the PRA domain only, and will take precedence over the classic SPF record.”
Conclusions:
- SenderID is not dead – in fact it’s still the one method used by Hotmail’s authentication services.
- SPF (v1) implementations will continue to validate the MAIL FROM domain unless the sender has published a spf2.0/pra record.
- Publishing both records is not going to hurt your delivery to Hotmail.
- SPF is still being checked in the absence of SenderID – SPF is supported ongoing because most senders don’t have just a 2.0 record yet.
- While only one records is sufficient, my recommendation continues to be publish both, as some other ISPs continue to pick one over the other.
Is there evidence of anyone besides Microsoft checking SenderID?
If not, what’s the point of doing both?
SenderID-compliant SPF records are absolutely fine for Hotmail.
In fact, when you submit them to the MS Hotmail/Windows Live cache they ask for SPF records, not SenderID (SPF2) records).
https://support.msn.com/eform.aspx?productKey=senderid&ct;=eformts
Anonymous – The ESPC [http://www.espcoalition.org/ESPC_Authentication_Report.pdf] shows that AOL/Netscape/CS/AIM, United Online (Juno/NetZero) and Microsoft (MSN.com/Hotmail) and partners (Sympatico) are all checking SID and SPF.
Spamfighter – I believe this is because the number of domains only publishing SPF still out number those publishing SID or both.