Get your Sender ID on!

If there’s one thing I wish somebody would have warned me about a few months ago, it’s this: Get proactive with Sender ID, and do it NOW!

Sender ID suddenly just became a big deal at Hotmail. If you don’t have a Sender ID record, or you don’t have it exactly right, get a move on! If you don’t, you’re going to eventually run into issues trying to get mail into the Hotmail inbox.

Here’s what you need to do, in three easy steps:
  1. Create an SPF record. Go here. Put in every IP or netblock allowed to send mail on your behalf. Include a reference to your ESP or outsource providers. Take the record you create and drop it in as a DNS text record for your domain. Need examples? Look up the SPF record for other people’s domains to get an idea of how they do it.
  2. Make sure it covers your PRA (visible from domain), too. This is the important bit. An email sent to Gmail will pass an SPF check just fine with the record covering your MFROM (return path domain or bounce domain). That doesn’t mean it covers your visible from domain (PRA). If your visible from domain isn’t covered by an SPF or Sender ID record, Hotmail problems will follow.
  3. Test it. For work, I built an SPF/Sender ID/DomainKeys tester that we use for this. But, for the rest of y’all, I recommend using this tool from Return Path. It’ll break down PRA and MFROM results. Make sure they both pass. If the PRA test fails, you mail is likely to fail at Hotmail, too.
Not everybody failing Sender ID (or choosing not to sign) is having delivery issues to Hotmail. But, it is proving to be a reputational black mark. For some folks, that’s enough to start causing problems. For others, less so-- today, anyway. Tomorrow will likely be a different story.

Remember: authentication matters. Read more on the topic, including overviews of SPF and DomainKeys, over on my other blog post.

(I'm muddling Sender ID and SPF a little bit here, in the interest of making this a short article. SPF and Sender ID are very similar; Sender ID is essentially the newer version of SPF. I've focused on putting in SPF records in place, because Sender ID is backwards compatible, and I've found it easier and quicker to do SPF alone, which covers me for both Sender ID and SPF, when done correctly.)


  1. I recently did a check on some various companies to see who has SPF setup. A lot do, but unfortunately, there's still a lot who don't. I think hosting companies should setup SPF by default. Many domains don't send mail at all, and they should especially want an SPF record setup.

    Unfortunately, for many banks, phishing problems and identity theft are issues only dealt with by the marketing department.

  2. I think just like with any new technology, there are a lot of people that don't quite get it yet.

    I take it you're in Australia, based on your testing? As your testing shows, the situation's better in the US. Just about every bank where you tested and found a positive results was represented at the recent Authentication Summit here in the US, and the word is slowly being spread.

    Also, compare this to where we were in 2005. Hotmail was pushing Sender ID/SPF, but hardly ANYBODY had implemented it then.


Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.