Click Here to Install Silverlight*
United StatesChange|All Microsoft Sites

Sender ID Technology: Information for IT Professionals

Published: June 23, 2004 | Updated: October 17, 2006

Home Page




Support & Solutions

Calls for Adoption

35 organizations in the industry call for rapid adoption of Sender ID. Read the letter to the FTC. (

Security Glossary

Click the term to get the definition.




The Sender ID Framework is a protocol created to counter e-mail domain spoofing and to provide greater protection against phishing schemes by verifying an e-mail message's sender.

Domain spoofing refers to the use of someone else's domain name when sending a message and is part of the larger problem of spoofing (the practice of forging the sender's address on e-mail messages). Domain spoofing can also be used by malicious individuals in phishing scams, which try to lure consumers into divulging sensitive personal information by pretending the e-mail is from a trusted source, such as a consumer's bank. Disclosure of such information can lead to identity theft and other online consumer fraud.

The Sender ID Framework is designed to verify that each e-mail message originates from the Internet domain from which it claims to come based on the sender's server IP address. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail and phishing scams.

How Sender ID Works

Domain administrators publish Sender of Policy Framework (SPF) records in the Domain Name System (DNS) which identify authorized outbound e-mail servers. Receiving e-mail systems verify whether messages originate from properly authorized outbound e-mail servers. The following diagram illustrates the verification process.

Four steps in the Sender ID e-mail verification process.

Sender ID at work. Only authenticated messages are allowed to reach the receiver.

The steps in the process are:


The sender transmits an e-mail message to the receiver.


The receiver's inbound mail server receives the mail.


The inbound server checks which domain claims to have sent the message, and checks the DNS for the SPF record of that domain. The inbound server determines if the sending e-mail server's IP address matches any of the IP addresses that are published in the SPF record.


If the IP addresses match, the mail is authenticated and delivered to the receiver. If the addresses do not match, the mail fails authentication and is not delivered.

Steps for Mail Senders and Developers

If you are an e-mail sender, you simply need to create an SPF record and add it to the DNS records of your domain. The Sender ID Framework SPF Record Wizard ( walks you through a step-by-step process to create your SPF record. To perform Sender ID validation, your ISP or system administrator will need to update to Sender ID–compliant software.

For information on licensing requirements visit the Sender ID Resources page.

© 2014 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies