SPF and Sender ID: How They Work

By Ellen Siegel  |  Posted 2009-04-29 Print this article Print

SPF and Sender ID: How they work

Both SPF and Sender ID work by requiring that senders publish their comprehensive list of authorized servers in the appropriate DNS domain(s)-for example, mye-maildomain.net. The list is published in a SPF record. Nothing more needs to be done on the sending side, except to make sure that the record remains up-to-date as mail servers are added or retired. No additional processing is required in Step 2 of the authentication flow.

On the receiving side, the verifier determines the domain to be authenticated, and then looks in that domain's DNS entry for the list of authorized servers. If the list contains the address of the server that delivered the message to the receiver, then the message authentication succeeds. If the list does not contain the delivering server, then the authentication fails. If it finds no record, the result is neutral.

It is important to note that path-based authentication mechanisms such as SPF and Sender ID are very sensitive to breakage caused by forwarding. Although it is possible to deal with this problem by adding special Resent-From headers, very few forwarding mail servers add them. In order to avoid SPF and Sender ID validation failures, many sites choose to terminate their SPF records with "~all" rather than "-all", which indicates a "soft" failure rather than an absolute violation.

Ellen Siegel is Director of Technology and Standards at Constant Contact. With more than 20 years of experience in online communication technologies, Ellen works to define and drive the adoption of industry best practices and standards to help fight spam, support legitimate e-mail, and enable Constant Contact to serve the growing needs of small businesses and organizations. Ellen is a board member and technical committee co-chair for the E-mail Sender and Provider Coalition (ESPC) and an active member of the Messaging Anti-Abuse Working Group (MAAWG). She can be reached at esiegel@constantcontact.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel