Volume 11

Sender ID: What do Email Marketers need to know?

Sender authentication is a way to check that an email has genuinely been sent from the domain it claims to come from.

Have you ever received an email that appeared to be from a friend or workmate, but turned out to be spam, or, even worse, a virus? This is called "spoofing" and studies show that 95% of spam is "spoofed". That is, the "From" address is fake. This can include "phishing" scams, where users receive emails that appear to come from their bank or credit card company, requesting private information.

In recent months a new standard has emerged called "Sender ID", which aims to prevent spammers from sending email from fake "from" addresses. An amalgamation of several proposals, Sender ID is now championed by Microsoft, and is endorsed by companies such as Verisign, Symantec, Trust-e and Barracuda Networks.

An alternate offering from POBox and AOL uses the same underlying principles, but without some of the licensing issues that have been identified with Microsoft's proposal.

How does it work?

Every domain name* has what is called a "DNS" record. This record contains information about the servers that are involved in hosting your website and sending your email.
* A domain name is your web address (eg. "Sunacommunications.com").

Sender ID uses a portion of this record called the SPF to publish the addresses of any servers that you authorize to send email for you.

Let's say that you have a Hotmail account. If someone sends a message to your Hotmail account, the Hotmail servers will look at the "from" address, and look up the associated SPF record for that address. This will be compared against the IP address of the server that the email was sent from. If they match, the message is considered "authenticated".

What happens to messages that are not authenticated is up to your incoming email server and/or email program (in this example Hotmail). The message could be displayed with an icon next to it, put into a special folder, or blocked completely.

The Benefits of Sender ID

For consumers:

  • Spammers may find it more difficult to get their messages delivered
  • Spoofed messages containing viruses can be identified
  • Emails from banks and other financial institutions can be received with confidence that they are legitimate

For Email Marketers:

  • Deliverability can be improved
  • Prevent spammers from using your domain name as a fake "from" address

Although Sender ID will provide some relief from spam, Sender ID does not stop spam being sent. It simply makes it more difficult to get it delivered.

Sender ID does not guarantee that:

  • the message is not spam;
  • the message does not contain offensive or misleading content;
  • the message is of interest to the recipient;
  • the message is sent by someone known to the recipient.

Microsoft are quick to point out that Sender ID is only one step towards getting rid of spam, and that filters, legislation and enforcement are also vital pieces in the puzzle.

What should Email Marketers be doing?

If possible, you should ensure that your company has published an SPF record. While Microsoft's framework may not be the final answer, publishing a record is relatively easy and there are no negative consequences of doing so. Those companies that use SPF to validate email will have a better chance of receiving your emails, and those that do not won't be affected.

When publishing your SPF record, it is important that you consider ALL ways that email could originate from your domain name. This can include not only your in-house mail servers, but also any third parties that you use to send email newsletters or conduct marketing campaigns for you. These go in a special section of the SPF record called "outsourced domains".

To publish your SPF record, speak to your IT department or your website hosting company.

Useful Links

Microsoft's Sender ID Framework:

Use this tool to check your SPF record and generate the information that should be in it:

Another SPF Record Generation Wizard is found here: