Hotmail moves to SPF authentication
Hotmail has recently stopped using Sender ID for email authentication and switched to authenticating with SPF. The protocol differences between SenderID and SPF were subtle and most senders who were getting a pass at Hotmail were already publishing SPF records.
From an email in my inbox from September:
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.240.72) header.from=******@microsoft.discoverbing.com; dkim=fail (testing mode) header.d=microsoft.discoverbing.com; x-hmca=pass
X-SID-PRA: *********@microsoft.discoverbing.com
X-SID-Result: Pass
X-DKIM-Result: Fail(t)
X-AUTH-Result: PASS
From an email I just sent myself:
Authentication-Results: hotmail.com; spf=pass (sender IP is 209.85.214.174) smtp.mailfrom=*****@gmail.com; dkim=pass header.d=gmail.com; x-hmca=pass
X-SID-PRA: ****@gmail.com
X-AUTH-Result: PASS
X-SID-Result: PASS
And, since we’re here, let’s look at how to read the Authentication-Results line.
Authentication-Results: hotmail.com; spf=pass (sender IP is 209.85.214.174) smtp.mailfrom=*****@gmail.com; dkim=pass header.d=gmail.com; x-hmca=pass
Authentication-Results: header added by Hotmail to give authentication results.
hotmail.com: domain doing the authenticating.
spf=pass (sender IP is 209.85.214.174) smtp.mailfrom=*****@gmail.com: Authentication results for SPF. This tells you what IP Hotmail received the email from, as well SMTP.mailfrom address they used when checking the SPF. In this case, 209.85.214.174 is a google IP and is authorized to use gmail in the SMTP.mailfrom / return path / envelope from.
dkim=pass header.d=gmail.com: Says that the DKIM signature validated and the signing entity (d=) is gmail.com.