Sender Policy Framework and Sender ID: Second in 3-Part Series on E-Mail Authentication - Page 2

SPF and Sender ID: What they are

SPF is an open-source protocol designed to prevent forgery by verifying a particular sender identity. Sender ID (Microsoft's modified version of SPF) uses essentially the same process to validate a different, and usually more visible, domain identity: the Purported Responsible Address (PRA). The protocol used in SPF and Sender ID is an inexpensive solution for senders. The only processing change required for senders is the optional addition of a Sender header.

The Sender ID PRA identity is determined by applying a set of rules. Most commonly, the PRA resolves to either the From address visible in most e-mail clients or to the optional Sender header. The Sender header takes precedence when it is present; it enables the sender to specify an alternative to the From address domain as the location of the authentication credentials.

In contrast, the identity that is validated by SPF is the protocol-level identification of the delivering mail server, and is usually invisible to recipients. It is mirrored in the Return-Path header, the address to which mail delivery errors (or bounces) are sent. For individual e-mail addresses or small domains, it may sometimes be set to the user's e-mail address. But, for larger and more professionally managed domains, it is usually a domain related to the mail server that sent the message.