The Email Wars

Question: How can we be sure we are setting up e-mail authentication records correctly?

Answer: E-mail authentication stymies forgery of e-mail messages and allows senders to build a positive reputation with receivers based on mailing behavior.

Now that you are ready to set up authentication records, you must first decide what protocol makes sense for you: SPF, SenderID or DomainKeys. You can find detailed information about each protocol—and the steps to set the records up—by using these free resources:

SPF: www.openspf.org/wizard.html
SenderID: www.microsoft.com/senderid
DomainKeys: http://antispam.yahoo.com/domainkeys

Once you have decided on a course of action and set your records up, it is imperative to test your authentication records to ensure they are working properly. SPF, SenderID and DomainKeys all provide options to publish your records in “test mode,” which allows you to test without risking delivery failures for mistakes in your record. Testing will ensure that the mail servers you’ve authorized are being verified by receivers and will determine if you’ve missed identifying any mail servers in your inventory.

Some testing options:

Return Path’s SPF-SenderID testing tool: senderid.returnpath.net
Port25’s Email Relay: check-auth@verifier.port25.com
Gmail: Send to a Gmail account, log in, view message and view the header. Look for the “Received-SPF:” line for the result of its SPF check on your e-mail.
DNSSTUFF: www.dnsstuff.com/pages/spf.htm
OpenSPF: www.openspf.org/why.html
Yahoo!: Send e-mail to a Yahoo! account to check DomainKeys signatures. Yahoo! will also indicate to the recipient when the signature is valid.
DomainKeys at Sourceforge: http://domainkeys.sourceforge.net (step by step instructions, a few testing e-mail addresses, etc.)

Source