Exchange 2007: Sender ID vs SPF records

Posted on 2009-04-18
Last Modified: 2012-05-06
I need some help clearing up the differences between sender id and spf: Here is what i know:

1. SPF "Validates" that domain ip can send from domain -all (and more)
whch is basically verifing that the route the message took is correct.
2. That email address ending in can send from that domain. (The spf part i get)

Sender  ID... I dont get the PRA aspect of Sender ID. I read this page: but am not clear on it. IT seems that on one hand PRA is checking a different part of the message but its not sure?
or its checking the mfrom but isnt that checked by the spf records?

Please Provive as much explained detail as you can...


Question by:castellansolutions
    LVL 32

    Expert Comment

    This should be a good starting point to clear all doubts:
    Nitin Gupta (gupnit)
    LVL 2

    Accepted Solution

    Here are some great sites to clear the diferences.
    What is SPF?
    SPF (defined in RFC 4408) validates the HELO domain and the MAIL FROM address given as part of the SMTP protocol (RFC 2821  the "envelope" layer). The MAIL FROM address is usually displayed as "Return-Path" if you select the "Show all headers" option in your e-mail client. Domain owners publish records via DNS that describe their policy for which machines are authorized to use their domain in the HELO and MAIL FROM addresses, which are part of the SMTP protocol.
    What is Sender ID?
    Sender ID (defined in RFC 4406) is a Microsoft protocol derived from SPF (hence the identical syntax), which validates one of the message's address header fields defined by RFC 2822. Which one it validates is selected according to an algorithm called PRA (Purported Responsible Address, RFC 4407). The algorithm aims to select the header field with the e-mail address "responsible" for sending the message.
    Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.
    LVL 6

    Author Comment

    HELO = what i am submiting to the mail server that i am trying to send a message to, correct? ( (of my sending connector)

    MAIL FROM = is me submitting from my address (my email address)
    so that would be:

    Is this correct so far? Beucase i think the above was adding to my conofusion?

    What is the difference between mfrom and PRA? what is the difference between MAIL FROM and MFROM and PRA?

    This is what i dont get it all seems to do the same stuff anyways?

    LVL 6

    Author Comment

    Here is my current situation with this: I am getting receiving spoofed email from "Myself" here are the headers:

    Received: from Exch2-Cust2.EXCH2-CUST2.local ( by
     winsvr2.contoso.local ( with Microsoft SMTP Server (TLS) id
     8.1.336.0; Fri, 24 Apr 2009 03:41:13 -0700
    Received: from comp ( by Exch2-Cust2.EXCH2-CUST2.local
     ( with Microsoft SMTP Server id 8.1.358.0; Fri, 24 Apr 2009
     03:41:11 -0700
    X-Originating-IP: []
    X-Originating-Email: []
    Subject: Rs: ONLINE SALES 79% 0FF!!
    From: "VIAGRA ? Official Site"
    MIME-Version: 1.0
    Importance: High
    Content-Type: text/html; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    Message-ID: <695054a0-77d7-4adb-9af2-5a5e53782dc8@Exch2-Cust2.EXCH2-CUST2.local>
    Date: Fri, 24 Apr 2009 03:41:11 -0700
    Received-SPF: Fail (Exch2-Cust2.EXCH2-CUST2.local: domain of does not designate as permitted sender) receiver=Exch2-Cust2.EXCH2-CUST2.local; client-ip=; helo=comp;
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Organization-Antispam-Report: DV:3.3.7622.600;SV:3.3.7622.1074;SID:SenderIDStatus Fail;OrigIP:
    X-MS-Exchange-Organization-SCL: 7
    X-MS-Exchange-Organization-SenderIdResult: FAIL

    As i understand it, this should cause this message to be forewarded to the junk mail folder, except this is comes straight through to the inbox.

    This is why i am thinking that i have setup my SPF/Sender ID the wrong way. Although it looks like it works, beucase the headers even say that i dont designate the host as a valid sender.

    spf2.0/pra a mx ip4: ip4: -all

    What if i added a comma and then mfrom to the end of pra ?

    spf2.0/pra,mfrom a mx ip4: ip4: -all

    Please Advise...



    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Learn more about how the humble email signature can be used as more than just an electronic business card. When used correctly, a signature can easily be tailored for different purposes by different departments within an organization.
    Easy CSR creation in Exchange 2007,2010 and 2013
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now