"SPF is the leader in that it has the widest adoption and it was the first one in the marketplace," says Bill Nussey, president and CEO of e-mail service provider Silverpop, in Atlanta, Ga.
Marketers can publish their SPF records by having either their e-mail service provider or internal IT staff go to a site such as www.spf.pobox.com, which takes them through the process.
The second of the IP-based authentication solutions is Sender ID Framework (SIDF), which combines SPF with Microsoft's proprietary Caller ID solution. Microsoft implemented SIDF earlier this year for Hotmail and MSN. This solution also requires senders to publish their SPF records and adds an extra layer of protection by authenticating the Purported Responsible Address (PRA) of the e-mail, which essentially is the visible "FROM" portion of an e-mail header.
Because they are cost-effective and easy to implement, SPF and SIDF have made inroads to wider adoption by ISPs and marketers alike. According to Bigfoot Interactive's chief marketing officer, Michael Della Penna, at the New York City e-mail service provider's recent PROfile E-mail Summit, Microsoft reported that approximately 10 percent of all e-mail sending domains are compliant with SPF/ Sender ID, and that these domains represent approximately 25 percent of all incoming e-mail volume at Hotmail.
"Sender ID has the blessing of the major ISPs because it's the accumulation of both SPF and Caller ID," points out Tricia Robinson, chief marketing officer for e-mail marketing solutions provider Socketware Inc., in Atlanta, Ga. "In terms of adoption by the ISPs, Sender ID is going to have a much more positive impact than SPF."
In comparison to SPF and SIDF, cryptographic, signature-based solutions, such as Yahoo!'s DomainKeys or Cisco's Identified Internet Mail (IIM) are viewed as more robust authentication options both by the ISPs and many ESPs. "We view IP-based solutions like SPF and Sender ID as critical foundational authentication layers, with cryptographic solutions like DomainKeys as a stronger complimentary layer," says Della Penna. Yahoo!'s DomainKeys requires e-mail senders to generate public/private key pairs, and to publish the public keys in their DNS records. Matching, private keys are stored in a sender's outbound e-mail servers. When these servers send out an e-mail, the private keys generate a digital signature of the message that is pre-pended as a header to the e-mail. ISPs then can check if an incoming message's private key matches the public key published in the DNS records. This, according to Yahoo!, not only ensures the message was sent by an authorized sender, but also that the headers and content were not altered during the mailing process, something protocols such as SPF and SIDF cannot guarantee.