SPF = Sender Policy Framework - It's a DNS record to allow SMTP receivers to verify email envelope sender address (preventing domain spoofing and phishing), and can distinguish legitimate mail from spam before any message data is transmitted.
If you check out your domain at dnsreport.com, you'll probably see a warning that your domain needs to have one in place by Octber 1, 2004.

Microsoft - being Microsoft - wanted to do something different called Sender-ID - aka "Caller ID For Email"s. Apparently someone got to them because they decided to work with the SPF folk (pobox.com) to implement the functionality.

Bottom line is that MS will implement it for Hotmail within the next 30-60 days and I'm trying to figure out If I'll be able to send to Hotmail accounts if I don't have an SPF record in the domain DNS.

I've been told that many hosts will implement the check in such a fashion that If an incoming email fails the SPF check, it'll be passed to a blacklist checker and only be delivered if it passes that (like it works now). But I haven't been able to find anything saying that's the process Hotmail will use.

Also trying to figure out what this means for the iis smtp server set-up on my local pc.

If anyone has any info about the details behind the Hotmail or local iis smtp server setup, could you please post the info and/or links?

Thanks

EDIT: SPF Guidelines/wizard at http://spf.pobox.com - http://spf.pobox.com

What I've need able to find out is that initially, Hotmail will check for the SPF record. If it finds one, it'll assume the email is ok. If it doesn't find one, it'll check it against their spam list. Won't be until sometime later ture that they actually block email without an SPF record.

This has actually been in the works for quite some time now although I don't know where the October 1st date came from. Couldn't find any RFC covering it although itwill probably become a formal internet standard within the next 12-24 months.

I was also able to confirm that people using "localhost" as the smtp server for domains with shared ip's, or who use smtp from their local pc's, will be screwed. Going to need to use a mail server specified in the mx records for some domain in order for people to get the email. That's good thing though - it'll stop the spammers/hackers who grab peoples machines and use them to send spam.

It would be a good idea to start converting any code using localhost/127.0.0.1 to the appropriate mail server for your domains.

It looks like you'll be able to toggle spf off/on on your own servers, also allow/deny a list of ips/domains. Probably be different for every web/mail server.

Here's the info on SPF http://spf.pobox.com - http://spf.pobox.com