Hi
I'm still looking for a deeper explanation. The one I found at Microsoft [1] exactly explains SPF as I know and the wizard [2] creates the same records as the wizard on spf.pobox.com.
[1] http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
[2] http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
Do you have more information?
These documents were very short and summarized Sender-ID very well:
"Sender ID Framework Executive Overview"
http://www.microsoft.com/downloads/details.aspx?FamilyId=F23A8DDD-F4DD-4419-...
"Sender ID Framework Deployment Overview"
http://www.microsoft.com/downloads/details.aspx?familyid=8958AB23-F350-40FE-...
The Sender ID Framework (SIDF) is the name of the product, not the technology. SIDF uses SPF records and solves some of the problems with forwarding mails and stuff by introducing new mail headers and a new command in the SMTP transaction, which allows you to do all the funky SPF detection stuff even before DATA. Read more on this here:
"Sender Policy Framework: Authorizing Use of Domains in Mail From"
http://www.microsoft.com/downloads/details.aspx?familyid=d8a174b1-697c-4aea-...
They have also introduced something called the PRA (Purported Responsible Address) or PRD (Purported Responsible Domain) which basically means "where did the mail come from?" or more technically: does the "From" header (and a couple of other mail headers, see spec) match the server the mail came from? And here is the part which is incompatible with "Classic SPF". The records are the same, but while "Classic SPF" ONLY used them to check the envelope from ("Return-Path"), Sender ID uses the SAME records to check for "From". So the records are identical, but the interpretation is different and that can cause major headaches because in some cases it could work, in others not, depending on whether the receiving server interprets them as SPF or as Sender ID.
Here's a translation of purported, btw:
deutsch: http://dict.leo.org/?search=purported
français: http://dict.leo.org/?lp=frde&search=behaupten
Coincidentally, I checked aol.com's SPF record today and I found this. I don't have the full "bigger picture" yet, but I believe these are Classic SPF records AND a Sender ID record - split up in two TXT records:
$ dig +short txt aol.com
"spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
"v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
Note that you don't have to pay anything to use Sender-ID. Microsoft allows anyone to use Sender-ID for free (how generous!), in some cases you need to obtain a licence, though. While this is free as in beer, it is not free as in speech and therefore it is incompatible with most open source licences:
Q5: Who needs to execute a license with Microsoft?
A: It's important to note that the license is only relevant to those organisations (ISP, large enterprise) who will be CHECKING e-mails using the PRA check alternative of the Sender ID Framework need to secure a license. Those simply publishing their Sender ID records do not need this license.
Q7: Does Microsoft's patent licences require me to pay any fees or other royalties?
A: No. There are no royalties or other fees associated with Microsoft's patent license. [..]
from "Sender ID Framework and Intellectual Property Overview and FAQ"
http://www.microsoft.com/downloads/details.aspx?familyid=4b1c931a-57cf-40a4-...
You won't need to obtain any licences if you are only publishing SPF records and want to be compatible with Hotmail. You'll only have to if you use Sender ID technology to check Emails. And even then, it's going to be free.
Daniel
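Added example, not part of the original post: a small Python sketch of the difference described above, where a Classic SPF receiver checks the envelope sender while a Sender ID receiver checks the PRA against the same published record. The function names, the example domains and addresses, and the message are constructed for illustration; the PRA selection is a simplified form of RFC 4407, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def record_for(txts, receiver):
    """Pick the TXT record for receiver 'spf' (classic) or 'senderid' (PRA check)."""
    tagged = [(t.lower().split(" ")[0], t) for t in txts]
    v1 = [t for g, t in tagged if g == "v=spf1"]
    v2 = [(g, t) for g, t in tagged if g.startswith("spf2.0/")]
    if receiver == "senderid" and v2:  # spf2.0 published: v=spf1 not used for PRA
        scoped = [t for g, t in v2 if "pra" in g[len("spf2.0/"):].split(",")]
        return scoped[0] if scoped else None
    # v=spf1: classic SPF always; Sender ID only if no spf2.0 record exists (RFC 4406)
    return v1[0] if v1 else None

def evaluate(record, client_ip):
    """Evaluate only ip4 and all; other mechanisms (ptr, a, mx...) are skipped."""
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        q, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        if mech == "all" or (mech.startswith("ip4:")
                and ip in ipaddress.ip_network(mech[4:], strict=False)):
            return RESULT[q]
    return "neutral"

def pra(msg):
    """Simplified RFC 4407 selection: the first of these headers present wins."""
    for h in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg[h]:
            return parseaddr(msg[h])[1]
    return ""

def check(dns, client_ip, mail_from, raw):
    """Return {receiver: (domain checked, result)} for one delivery."""
    out = {}
    for receiver, addr in (("spf", mail_from), ("senderid", pra(message_from_string(raw)))):
        domain = addr.rpartition("@")[2].lower()
        out[receiver] = (domain, evaluate(record_for(dns.get(domain, []), receiver), client_ip))
    return out

# Constructed sample: a list server at 192.0.2.10 relays a post written by alice@example.com.
DNS = {"lists.example.org": ["v=spf1 ip4:192.0.2.0/24 -all"],
       "example.com": ["v=spf1 ip4:198.51.100.0/24 -all"]}
MSG = "From: alice@example.com\nTo: list@lists.example.org\nSubject: hi\n\nbody\n"
print(check(DNS, "192.0.2.10", "list-bounces@lists.example.org", MSG))
```

The same delivery passes the Classic SPF check on lists.example.org and fails the PRA check on example.com; adding a `Sender:` header for the list moves the PRA to the list's domain.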