Applies to: Exchange Server 2007
Topic Last Modified: 2007-06-07

Use the Test-SenderId cmdlet to test whether a given IP address is the legitimate sending address for a given SMTP address.


Test-SenderId -IPAddress <IPAddress> -PurportedResponsibleDomain <SmtpDomain> [-DomainController <Fqdn>] [-HelloDomain <String>] [-Server <ServerIdParameter>]


Parameter Required Type Description




This parameter specifies the originating IP address of the sending server.




Enter the domain name that you want to verify with Sender ID.




To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service, include the DomainController parameter on the command. The DomainController parameter is not supported on computers that run the Edge Transport server role. The Edge Transport server role reads and writes only to the local ADAM instance.




Enter the domain address that is displayed in the HELO or EHLO SMTP commands from this sender.




To specify the server on which you run the Test-SenderId cmdlet, include the Server parameter in the command. If you do not use the Server parameter, the command is run on the local server where the task is executed.

Detailed Description

This command provides the results of a Sender ID check for the IP address and the corresponding domain name that you specify. For more information about Sender ID in Microsoft Exchange Server 2007, see Sender ID.

To run the Test-SenderId cmdlet, the account you use must be delegated the following:

  • Exchange View-Only Administrator role

To run the Test-SenderId cmdlet on a computer that has the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Output Description


Status returns one of the following: Pass, Neutral, SoftFail, Fail, None, or TempError.

  • Pass    The IP Address and Purported Responsible Domain pair passed the Sender ID verification check.

  • Neutral   The Sender ID verification check was inconclusive.

  • Softfail   The IP Address may not be in the sender policy framework (SPF). Softfail is considered less trusted than Neutral.

  • Fail   The IP address is specifically not listed in the SPF. A FailReason status code will be specified. See the FailReason section.

  • None   No published sender policy framework (SPF) data exists in the sender's Domain Name System (DNS).

  • TempError   A temporary DNS failure occurred.

  • PermError   The DNS record is invalid.


The FailReason output is only returned if the Status code returns a Fail status. FailReason output returns one of the following: NotPermitted or DomainDoesNotExist. The NotPermitted status indicates that the domain in question is likely being spoofed by the sender. The DomainDoesNotExist status indicates that the domain name provided in the PurportedReponsibleDomain parameter does not exist in the DNS.


The Explanation output is an optional output that provides additional detail for a Fail status. The information for the Explanation output may come from the SPF.


The following code example shows a Test-SenderID command that has the required parameters.

Copy Code
Test-SenderID -IPAddress -PurportedResponsibleDomain