SPF alla Microsoft – sender ID

There has been a lot of commotion in technical circles in the past week following on Microsoft’s announcement that it was implementing Sender ID for hotmail.
Microsoft’s original plans for sender ID seemed to be quashed when the Open Source community, most notably the Apache Software Foundation, made it clear that they did not support Microsoft’s implementation.
The original MS version of sender ID seems to have fallen by the wayside to be replaced by SPF, which I mentioned a few months ago.
What is causing some confusion is Microsoft’s insistence on referring to it as “sender ID”, while all the documentation on their site points back to the SPF homepage.
Is there any difference?
It would seem not.
In the last week a number of our clients who hadn’t already published SPF for their domains did so and we are now publishing a basic set for our primary domain.
Should we applaud Microsoft? I think not. A more responsible attitude would have been to allow people a bit more time to prepare their DNS.
Having said that, SPF records are not particulary complicated, but it still requires some thought to set them up.
If you are only sending mail from one mailserver and never from any other and do not outsource any services to 3rd parties that may send email on your behalf, then an SPF record could be very simple.
Have a look at the one from aol.com:
aol.com. 300 IN TXT "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
aol.com. 300 IN TXT "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"

It’s not overly complex, but if you compare it to mine for this domain:
mneylon.com. 900 IN TXT "v=spf1 a a:tristan.blacknight.ie -all"
you can see that they have had to take into account more complex factors.
Microsoft.com on the other hand, is being “clever”:
microsoft.com. 3600 IN TXT "v=spf1 mx redirect=_spf.microsoft.com"

they are actually sending you off to check against _spf.microsoft.com which has:
_spf.microsoft.com. 3600 IN TXT "v=spf1 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 ip4:131.107.3.116 ip4:131.107.3.117 ip4:131.107.3.100 ip4:131.107.3.108 a:delivery.pens.microsoft.com a:mh.microsoft.m0.net mx:microsoft.com ?all"

Even their SPF record might not be entirely comprehensive. Microsoft have been known to outsource some mailing lists to 3rd parties, so why aren’t they mentioned?
So what of Irish business?
Who is publishing SPF?
Newsweaver isn’t, Techcentral.ie seem to be oblivious to it, as are ENN and those are just a small selection of email sources that I receive mail from regularly.
DirectSki.com are publishing SPF, but they seem to be in the minority.
What’s even more amusing is that one of our competitors who fancy themselves as providers of antispam haven’t even bothered to do it.
Will this mean that they’ll all be rushing to rectify the situation over the next few weeks or will they remain in blissful ignorance?
I guess we’ll have to wait and see, but with SPF being adopted by some of the largest free email providers it is only a matter of time before the rest of the world is forced to follow suit.