Exchange 2007: Sender ID vs SPF records

Posted on 2009-04-18
Last Modified: 2012-05-06
I need some help clearing up the differences between Sender ID and SPF. Here is what I know:

1. SPF "validates" that domain IP 1.2.3.4 can send from domain xyz.com -all (and more)
which is basically verifying that the route the message took is correct.
2. That email address ending in @xyz.com can send from that domain.

http://www.openspf.org/SPF_vs_Sender_ID (The SPF part I get)

Sender ID... I don't get the PRA aspect of Sender ID. I read this page: http://www.openspf.org/blobs/spf-community-position but am not clear on it. It seems that on one hand PRA is checking a different part of the message, but it's not sure?
Or it's checking the mfrom, but isn't that checked by the SPF records?

Please provide as much explained detail as you can...

Thanks,

Robert
Question by:castellansolutions

Expert Comment

by:gupnit
ID: 24178692
Hi,
This should be a good starting point to clear all doubts: http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx?pr=blog
Thanks
Nitin Gupta (gupnit)

Accepted Solution

by:
Gihan_Jay earned 2000 total points
ID: 24211280
Here are some great sites to clear up the differences.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
http://www.openspf.org/SPF_vs_Sender_ID
What is SPF?
SPF (defined in RFC 4408) validates the HELO domain and the MAIL FROM address given as part of the SMTP protocol (RFC 2821, the "envelope" layer). The MAIL FROM address is usually displayed as "Return-Path" if you select the "Show all headers" option in your e-mail client. Domain owners publish records via DNS that describe their policy for which machines are authorized to use their domain in the HELO and MAIL FROM addresses, which are part of the SMTP protocol.
What is Sender ID?
Sender ID (defined in RFC 4406) is a Microsoft protocol derived from SPF (hence the identical syntax), which validates one of the message's address header fields defined by RFC 2822. Which one it validates is selected according to an algorithm called PRA (Purported Responsible Address, RFC 4407). The algorithm aims to select the header field with the e-mail address "responsible" for sending the message.
Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.
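The PRA selection and the record scope tags described in this answer, worked through as an added example (not part of the original answer, and not Exchange's own implementation). The function names and the sample message are constructed for illustration; the header order follows RFC 4407 and the scope handling follows RFC 4406.

```python
from email import message_from_string
from email.utils import getaddresses

def pra(raw_message):
    """Purported Responsible Address per RFC 4407, or None if the message is ill-formed."""
    hdrs = [(k.lower(), v.strip()) for k, v in message_from_string(raw_message).items()]
    def first(name):
        return next((i for i, (k, v) in enumerate(hdrs) if k == name and v), None)
    rs, rf = first("resent-sender"), first("resent-from")
    chosen = None
    if rs is not None:
        # Step 1: Resent-Sender wins unless an earlier Resent-From is separated from
        # it by a Received/Return-Path header, i.e. belongs to a different resend hop.
        other_hop = rf is not None and rf < rs and any(
            k in ("received", "return-path") for k, _ in hdrs[rf + 1:rs])
        if not other_hop:
            chosen = hdrs[rs][1]
    if chosen is None and rf is not None:
        chosen = hdrs[rf][1]                      # Step 2: first Resent-From
    if chosen is None:
        for name in ("sender", "from"):           # Steps 3 and 4: Sender, then From
            values = [v for k, v in hdrs if k == name and v]
            if len(values) > 1:
                return None                       # duplicated header: ill-formed
            if values:
                chosen = values[0]
                break
    if chosen is None:
        return None
    mailboxes = getaddresses([chosen])            # Step 5: exactly one mailbox
    if len(mailboxes) != 1 or "@" not in mailboxes[0][1]:
        return None
    return mailboxes[0][1]

def record_scopes(txt):
    """Sender ID identities a TXT policy record covers (RFC 4406)."""
    version = (txt.split() or [""])[0].lower()
    if version == "v=spf1":
        return {"mfrom", "pra"}   # RFC 4406: read as spf2.0/mfrom,pra if no spf2.0 record exists
    if version.startswith("spf2.0/"):
        return set(version[len("spf2.0/"):].split(","))
    return set()

def identities_to_check(record, mail_from, raw_message):
    """Map each scope the record covers to the domain a receiver would evaluate."""
    found = {"mfrom": mail_from, "pra": pra(raw_message)}
    return {s: a.rsplit("@", 1)[1].lower() for s, a in found.items()
            if s in record_scopes(record) and a and "@" in a}

# Constructed sample: envelope sender and From header name different domains.
SAMPLE = ("Return-Path: <bounce@lists.example.net>\n"
          "From: Robert <robert@example.com>\nSubject: test\n\nbody\n")
```

With a `spf2.0/pra` record only the header-derived domain is evaluated; adding `mfrom` to the scope makes the envelope sender's domain subject to the same record.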

Author Comment

by:castellansolutions
ID: 24211413
HELO = what I am submitting to the mail server that I am trying to send a message to, correct? (helo=mx.mydomainname.com (of my sending connector))

MAIL FROM = is me submitting from my address (my email address)
so that would be: robert@mydomainname.com

Is this correct so far? Because I think the above was adding to my confusion?


What is the difference between mfrom and PRA? What is the difference between MAIL FROM and MFROM and PRA?

This is what I don't get, it all seems to do the same stuff anyways?

Robert

Author Comment

by:castellansolutions
ID: 24232917
Here is my current situation with this: I am receiving spoofed email from "Myself". Here are the headers:

Received: from Exch2-Cust2.EXCH2-CUST2.local (192.168.1.101) by
 winsvr2.contoso.local (192.168.1.10) with Microsoft SMTP Server (TLS) id
 8.1.336.0; Fri, 24 Apr 2009 03:41:13 -0700
Received: from comp (77.41.52.13) by Exch2-Cust2.EXCH2-CUST2.local
 (192.168.1.101) with Microsoft SMTP Server id 8.1.358.0; Fri, 24 Apr 2009
 03:41:11 -0700
X-Originating-IP: [57.5.37.9]
X-Originating-Email: [robert@exchangetest.com]
X-Sender: robert@exchangetest.com
Return-Path: robert@exchangetest.com
To:
Subject: Rs: ONLINE SALES 79% 0FF!!
From: "VIAGRA ? Official Site"
MIME-Version: 1.0
Importance: High
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <695054a0-77d7-4adb-9af2-5a5e53782dc8@Exch2-Cust2.EXCH2-CUST2.local>
Date: Fri, 24 Apr 2009 03:41:11 -0700
X-MS-Exchange-Organization-PRD: exchangetest.com
Received-SPF: Fail (Exch2-Cust2.EXCH2-CUST2.local: domain of robert@exchangetest.com does not designate 77.41.52.13 as permitted sender) receiver=Exch2-Cust2.EXCH2-CUST2.local; client-ip=77.41.52.13; helo=comp;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.7622.600;SV:3.3.7622.1074;SID:SenderIDStatus Fail;OrigIP:77.41.52.13
X-MS-Exchange-Organization-SCL: 7
X-MS-Exchange-Organization-SenderIdResult: FAIL


As I understand it, this should cause this message to be forwarded to the junk mail folder, except this comes straight through to the inbox.

This is why I am thinking that I have set up my SPF/Sender ID the wrong way. Although it looks like it works, because the headers even say that I don't designate the host as a valid sender.

spf2.0/pra a mx ip4:64.81.85.225 ip4:64.81.85.226 mx:mail.exchangetest.com -all

What if I added a comma and then mfrom to the end of pra?

spf2.0/pra,mfrom a mx ip4:64.81.85.225 ip4:64.81.85.226 mx:mail.exchangetest.com -all

Please Advise...

Thanks,

Robert