Sender ID is back!! No, wait...

Gossip has been flowing through the back channels lately suggesting that Microsoft might be checking Sender ID email authentication DNS records anew.

No...but. My answer to this is a little nuanced, so bear with me.

Not true: "Sender ID never really died, they're still checking it today!" That's a bit of conspiracy theory crossed with a bit of confusion. Those of us who have been around a while, we actually did see Sender ID die. It wasn't an illusion. It really happened. We were there. (So, yes, you should indeed still print that out and tape it to your forehead, as I said once before said on the Mailop list.)

So, don't start rush to start publishing an SPF2 record in DNS again. It's not worth the effort. It won't do anything. However...

Possibly true: "We think we've seen Microsoft check for an SPF record against the visible from domain." Whether or not this is true, I'm not sure. This is sort of like Sender ID, right? Sender ID was basically "SPF but for the visible from address domain."

Personally, I have very little experience troubleshooting delivery issues for domains lacking SPF, because I think it's a best practice to implement SPF, and so if I ever run into one when consulting with a client, one of my first recommendations would be that they publish an SPF record.

Thus, I can't tell you for sure if there is a correlation between "lack of an SPF record for a visible from domain" and "deliverability problems at Microsoft" but I do recommend you have an SPF record for your visible from domain anyway. I do believe that there are some filters out there that may check for it.

Also, it's something of a best practice for some of the savvier ISPs or blacklists to look for an SPF record for your visible from domain when compiling whitelists to special case mail from certain domains. If they're trying to be careful not to blacklist various corporate email or large consumer email domains, for example. Does that trickle down to your level? Perhaps not. Do lots of folks do this? Also perhaps not. But still, it's all upside and no downside.

A lot of the time when sending mail, especially sending one-to-one email, the visible from domain and return path domain are the same. So if you're smart, you've already set up an SPF record for this domain, since SPF filtering is meant to check against the return-path domain. But if, for some reason, you don't already have an SPF record in place, you should add one. The upside might be a bit hand-wavy and poorly defined, but there likely is some. And there isn't any downside.
Post a Comment