A question came up on the email geeks slack channel (Join Here) about SenderID. They recently had a customer ask for SenderID authentication.
We’ve written about it a few times: (Hotmail moves to SPF Authentication and Until it stops moving) but we’ve not actually stated the reasons why in a post.
SenderID was basically SPF version 2. It tried to use the same mechanism as SPF to authenticate the visible from address. In some ways it was a predecessor to DMARC. It was an authentication method championed by Microsoft.
The really important thing to remember is that Hotmail was the only domain that really used SenderID. It was a check built into some versions of Exchange servers, too. But it was never really used outside of Microsoft.
In 2012, the IETF published an informational RFC that looked at deployment of SPF and Sender ID. The author looked at a number of different things and concluded there wasn’t much use of Sender ID.
The absence of significant adoption of the [SUBMITTER] extension, SENDER-ID], and [PRA], indicates that there is not a strong community deploying and using these protocols.
Six months after that RFC was published, Microsoft announced they were moving away from Sender ID. Given they were the only major implementation, this was the signal that it was a dead authentication method.
There is no reason to publish Sender ID records. It’s dead.
RSS - Posts
Now we just need all the email service providers to stop publishing “advice” on adding Sender ID configuration to SPF records 🙂
“Six months after that RFC was published, Microsoft announced they were moving away from Sender ID.”
I know this to be true, and I know that I’ve seen this announcement in the past, but for the life of me I can’t lay hands on it when I want a copy of it.
Do you have a link to this announcement, per chance?
I’m not sure it was a public announcement. There are still places where stuff is “soft announced” so it could have come from that. Like you I remember some level of announcement, but I can’t find it, either. Then again there are some cases where industry folks have contacted me and said “hey, it would be useful if this were more public, but we don’t want to make a real public announcement… but here are the details that can be shared.” It’s unlikely that this happened here for reasons but it’s a possibility. I dunno, maybe I learned about it at the whiskey tasting party at D. V.’s.
I did some digging through my mailbox to see if I had a link or any sort of documentation. I did find an email from another one of those places with a link to https://hal2020.com/2011/05/02/has-microsoft-put-the-nail-in-the-coffin-on-senderid/ in my mailbox, which has a comment from John Scarrow saying they support it, but a year later they changed their header to report SPF not Sender-ID.
There was also a lot of discussion on the [redacted] technical list around that time about authentication. I’ve not read through the whole thread (sometimes the pedants are too much work) but it could have been in there, too.
There’s SO much that’s undocumented or wasn’t saved and is gone from any place we can reference it. Just a few weeks ago I was looking for some old info that was on the RR postmaster pages and they’re all gone. They’re also not in archive.org and I actually tossed the printouts I’d made when we purged the house to move to Ireland. So, that’s where we are. We have history but no one thought to save it.
Thanks.
Kinda makes me sad to know that the RR postmaster stuff is gone; I was at the last [redacted] and a couple of people commented to me on how much they appreciated the old pages, but time moves on.
It made me sad, too. I did go around postmaster.aol.com and try and load as much of that into archive.org before that all goes away. But there are still pieces I can’t find, like the legal discussion of why they spent so much time fighting Sanford. … although now that I’m tying this I realise it wasn’t the postmaster page it was legal.info.aol.com. Off to the interwebs!