BLOG

Microsoft and SPF

Many deliverability folks stopped recommending publishing SPF records for the 5322.from address to get delivery to Microsoft. I even remember Microsoft saying they were stopping doing SenderID style checking. A discussion on the emailgeeks slack channel has me rethinking that.

It started out with one participant asking if other folks were seeing delivery improvement at MS if they added a SPF record for the 5322.from. Other folks chimed in and said yes, they had seen the same thing. Then I started digging and discovered that MS is still recommending SenderID records on their troubleshooting page.

Email sent to Outlook.com users should include Sender ID authentication. While, other forms of authentication are available, Microsoft currently only validates inbound mail via SPF and Sender ID authentication.

Microsoft Sender Support

The support page may be out of date, or it may not. In any case, it may be worth adding a SPF record to your 5322.from domain if you’re seeing persistent problems at Microsoft and no where else.

This isn’t great practice overall. But, it may explain why some folks are having such a hard time cracking the MS inbox.

5 comments

  1. Todd Herr says

    It’s interesting that the two bullets on that page directly under the quoted section are links to the RFCs for SPF and DKIM, even though the paragraph makes no mention of DKIM.

    I have no insight into how old the page is, but like you, I have memories of MS stopping Sender-ID checking, and I can see that they don’t explicitly publish Sender-ID records for their own domains.

    Better safe than sorry, I guess?

    1. laura says

      Yeah, it may be out of date, but given folks’ recent experiences it may not be as out of date as we think. I do remember (and probably blogged about) when they announced they weren’t using SenderID anymore. But I also remember SenderID was a slightly different spec. So maybe they stopped using SenderID (i.e., SFP v.2) but are still checking SPF on the 5322.from? Or maybe this is only in the absence of DMARC records or alignment? I can think of a lot of ways this could be implemented in ways that are … uniquely Microsoft.

  2. Stefano Bagnara says

    It’s cool how some “professional” on the mailop list 1 year ago answered me “Please feel free to print out
    https://www.spamresource.com/2018/10/sender-id-no-dont-bother.html
    and tape it to your forehead for future reference.”
    When I told Microsoft was still analyzing the SID-PRA domain and not only the “smtp from:” domain in their SPF-like filtering.

  3. Al Iverson says

    Heh, this professional stands by that statement.

    Can’t hurt to have an SPF record for your visible from domain, sure. That’s not quite the same thing as “is Microsoft checking Sender ID any more?”

  4. Stefano Bagnara says

    The whole thread is in the archives and can be checked, including the senteces about logging if the servers looked up for SenderID vs SPF records (LOL).

    BTW I felt bullied by that message and I didn’t reply anymore to that because there wasn’t anything constructive.

    I had my proofs and I’m happy to see someone else look at data to confirm announcements.

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.