How Sender ID Works (SPF)


Sender ID focuses on one of the most common and deceitful practices used by spammers: domain spoofing. The term domain spoofing refers to the use of someone else's domain name when sending a message. Domain spoofing is part of the larger problem of spoofing, which is the practice of forging a sender's address on e-mail messages. Domain spoofing can also be used by malicious individuals in phishing scams, which try to lure consumers into disclosing sensitive personal information by pretending the e-mail is from a trusted source, such as a consumer's bank. Disclosure of such information could lead to identity theft and other online consumer fraud.

Sender ID: It is an e-mail authentication protocol that verifies the origin of an e-mail message and prevents forged mail from entering an organization. In essence, Spamjadoo, using the Sender ID framework, asks a question: has this e-mail message been spoofed? If the answer is "Yes, it has been spoofed," Spamjadoo rejects the message immediately. If the answer is "No, we can confirm the sender's authenticity," the message is assigned an SPF status and is accepted for further checking by Spamjadoo.

So how does Sender ID work? Sender ID functionality relies, in part, on an algorithm implemented in the Sender ID filter that detects the purported responsible address (PRA). The PRA is the e-mail address of the entity that is most recently responsible for injecting a message into the e-mail system. The Sender ID filter determines the actual e-mail domain by locating the first definition of the following RFC 2822 message headers, in this order:

1. Resent-Sender
2. Resent-From
3. Sender
4. From
If none of these headers is found, the Sender ID filter uses the SMTP RFC 2821 MAIL FROM value.
Figure 1 How Sender ID Works
Here are the steps in the Sender ID verification process in Figure 1:
1 A sender sends an e-mail message to the receiver.
2 The receiver's inbound mail server receives the e-mail message and extracts the PRA.
3 The inbound mail server checks which domain claims to have sent the message, and examines the domain name system (DNS) for the sender policy framework (SPF) record of that domain. These SPF records identify authorized outgoing e-mail servers. The inbound server determines whether the sending e-mail server's IP address matches any of the IP addresses that are published in the SPF record. For more information about what an SPF record contains and how to create an SPF record.
4 If the IP addresses match, the e-mail message is authenticated and delivered to the receiver. If the IP addresses do not match, the e-mail message fails authentication and is not delivered.

Based on the evaluation of the Sender ID record, every message is handled within the SMTP process itself, and an appropriate response is sent to the sender.

The Sender ID status reflects the results of the Sender ID filtering process. The Sender ID status can be one of the following:
1 Pass: The IP address for the PRA is in the permitted set in DNS.
2 Neutral: Published Sender ID data is explicitly inconclusive.
3 Softfail: This value indicates a weaker type of failure. The IP address may not be in the permitted set in DNS.
4 Fail: The IP address is in the not-permitted set in DNS.

None validation status
1 None: No published data is available.

Error status
1 TempError: There is a transient error, such as an unavailable DNS server.
2 PermError: There is an unrecoverable error, such as an error in the record format.
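
The verification steps and status values above, as an added example that is not Spamjadoo's own code: it picks the PRA using the header order this page lists, then matches the connecting IP address against a published record and returns a status. DNS is replaced by a constructed dictionary (so TempError never arises), the sample message and domains are constructed, only the ip4, ip6 and all terms of a record are evaluated, and the names extract_pra and sender_id_status are hypothetical.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Header order the page gives for locating the PRA.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "Softfail", "?": "Neutral"}

# Constructed stand-in for DNS lookups: domain -> published record text.
SAMPLE_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}
# Constructed message: re-sent by a list, so Resent-From outranks From.
SAMPLE_MESSAGE = (
    "Resent-From: List Owner <owner@example.net>\r\n"
    "From: Alice <alice@example.com>\r\n\r\nconstructed body\r\n"
)


def extract_pra(raw_message, mail_from):
    """Return the address in the first PRA header present, else MAIL FROM."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return addr
    return mail_from


def sender_id_status(raw_message, mail_from, client_ip, dns=SAMPLE_DNS):
    """Check client_ip against the record published for the PRA's domain."""
    domain = extract_pra(raw_message, mail_from).rpartition("@")[2].lower()
    if (record := dns.get(domain)) is None:
        return "None"  # no published data
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the version tag
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        kind, _, arg = term.lstrip("+-~?").partition(":")
        if kind == "all":
            return QUALIFIERS[qualifier]
        if kind in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "PermError"  # error in the record format
            if ip in network:
                return QUALIFIERS[qualifier]
    return "Neutral"  # nothing matched and the record has no "all" term
```

Because the PRA of the sample message is the Resent-From address, the connecting IP is judged against the record for example.net, not the record of the domain in From.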