Sender Policy Framework and Sender ID FAQs

1. What Are Sender Policy Framework and Sender ID?

SPF and Sender ID records are lists of IP addresses that are allowed to send email from your domain. These lists authenticate that email from your domain is really from you and help protect your brand by reducing the chance that your email is mistaken for spam.

When an ISP receives an email from somebody@example.com via IP address 1.2.3.4, the ISP checks the SPF or Sender ID record at example.com. If 1.2.3.4 is on the list, the email is genuine. If not, the email may be a phish or spoof, and may be filtered, rejected, or discarded.

2. What Do Sender ID and SPF Records Look Like?

An SPF or Sender ID record is a simple text (TXT) record placed in the DNS for a domain.

An SPF record example:

v=spf1 ip4:207.67.38.0/24 ip4:207.250.68.0/24 ip4:64.132.92.0/24 ip4:64.132.88.0/24 -all

A Sender ID record example:

spf2.0/pra ip4:207.67.38.0/24 ip4:207.250.68.0/24 ip4:64.132.92.0/24 ip4:64.132.88.0/24 -all

3. What Is the difference Between Sender ID and SPF?

The spf1 and spf2.0 in the examples above demonstrate that Sender ID is "version 2" of SPF.

4. Why Does This Matter?

ISPs use SPF and Sender ID when deciding which email to reject. By publishing a SPF or Sender ID record, you prove that you are not phishing or spoofing. Hotmail, in particular, is more likely to reject or silently discard your mail if you do not have an SPF or Sender ID record. Other ISPs also use the records, as do anti-spam and security systems used in corporate networks.

5. How Do I Create an SPF Record?

If you use ExactTarget's Sender Authentication Package, you already use Sender ID and SPF.
Otherwise, use the following steps to create your own SPF record:

1. Access the control panel for your DNS provider or domain registrar.
2. Create a DNS entry of type TXT for the domain.
3. Leave the hostname or subdomain field blank.
4. Enter one of the following for the DNS entry field: 

v=spf1 include:cust-spf.exacttarget.com -all

v=spf1 ip4:1.2.3.4 include:cust-spf.exacttarget.com -all

v=spf1 ip4:192.168.92.0/24 include:cust-spf.exacttarget.com -all

6. How Do I Use the "All Mechanism"?

Your Sender ID or SPF record must end with an all mechanism to indicate what to do with email that fails authentication. There are four all mechanisms: +all ("plus all" every email passes), ?all ("question all" failed message was a test message), ~all ("soft fail all"), and -all ("hard fail all").

You should not use +all or ?all in your final configuration. Hotmail gives the strongest deliverability boost only to -all. ExactTarget recommends that SPF or Sender ID records use -all.
 

7.How Do I Test to Ensure My SPF or Sender ID Record Is Configured Properly?

ExactTarget's free reputation reporting includes this information. Send a message to reputation@etdeliverability.com from within the application. Then, send a message to deliverability@exacttarget.com with the from line and subject line you used and ask for the reputation reporting results. Mention that you're testing Sender ID and SPF so the deliverability team can include feedback on any issues in the report.

8. Can You Manage This For Me?  

ExactTarget's Sender Authentication Package provides SPF and Sender ID, DomainKeys, DKIM authentication, and more. Contact your account manager for more information.