Determining where to publish
For SPF, you will need to publish SPF version 1 records in the DNS domain(s) of each unique Return-Path address. For Sender ID, you will need to publish SPF version 2 records in the DNS domain of each unique PRA. Note that if you use a third party to send e-mail, you should ensure that they have valid SPF records for the domain(s) of their mail servers as well.
If you're setting up your mail servers to validate authentication for inbound mail, you will want to use a pre-existing open-source or commercial plug-in that works with your existing mail servers.
Here you can see a list of available SPF implementations, including mail servers that support SPF natively, and a list showing industry support for Sender ID. Each of these will have their own implementation specific documentation on how to install and configure the necessary packages.
To learn how to test your deployment, continue on to Part 3 of this three-part series on e-mail authentication.
Editor's Note: In Part 1 of her three-part series on e-mail authentication, Knowledge Center contributor Ellen Siegel shared a comprehensive, high-level overview of e-mail authentication. Here, in Part 2, Ellen delved into the functionality and implementation details of Sender Policy Framework (SPF) and Sender ID authentication. In Part 3, Ellen delves into the functionality and technical details of Domain Keys Identified Mail (DKIM).
Ellen is a board member and technical committee co-chair for the E-mail Sender and Provider Coalition (ESPC) and an active member of the Messaging Anti-Abuse Working Group (MAAWG). She can be reached at email@example.com.