Exchange 2007: Sender ID vs SPF records

I need some help clearing up the differences between sender id and spf: Here is what i know:

1. SPF "Validates" that domain ip 1.2.3.4 can send from domain xyz.com -all (and more)
whch is basically verifing that the route the message took is correct.
2. That email address ending in @xyz.com can send from that domain.

http://www.openspf.org/SPF_vs_Sender_ID (The spf part i get)

Sender  ID... I dont get the PRA aspect of Sender ID. I read this page: http://www.openspf.org/blobs/spf-community-position but am not clear on it. IT seems that on one hand PRA is checking a different part of the message but its not sure?
or its checking the mfrom but isnt that checked by the spf records?

Please Provive as much explained detail as you can...

Thanks,

Robert
LVL 6
castellansolutionsAsked:
Who is Participating?
 
Gihan_JayCommented:
Here are some great sites to clear the diferences.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
http://www.openspf.org/SPF_vs_Sender_ID
What is SPF?
SPF (defined in RFC 4408) validates the HELO domain and the MAIL FROM address given as part of the SMTP protocol (RFC 2821  the "envelope" layer). The MAIL FROM address is usually displayed as "Return-Path" if you select the "Show all headers" option in your e-mail client. Domain owners publish records via DNS that describe their policy for which machines are authorized to use their domain in the HELO and MAIL FROM addresses, which are part of the SMTP protocol.
What is Sender ID?
Sender ID (defined in RFC 4406) is a Microsoft protocol derived from SPF (hence the identical syntax), which validates one of the message's address header fields defined by RFC 2822. Which one it validates is selected according to an algorithm called PRA (Purported Responsible Address, RFC 4407). The algorithm aims to select the header field with the e-mail address "responsible" for sending the message.
Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.
0
 
gupnitCommented:
Hi,
This should be a good starting point to clear all doubts: http://technet.microsoft.com/en-us/magazine/2006.12.sidf.aspx?pr=blog
Thanks
Nitin Gupta (gupnit)
0
 
castellansolutionsAuthor Commented:
HELO = what i am submiting to the mail server that i am trying to send a message to, correct? (helo=mx.mydomainname.com (of my sending connector)

MAIL FROM = is me submitting from my address (my email address)
so that would be: robert@mydomainname.com

Is this correct so far? Beucase i think the above was adding to my conofusion?


What is the difference between mfrom and PRA? what is the difference between MAIL FROM and MFROM and PRA?

This is what i dont get it all seems to do the same stuff anyways?

Robert
0
 
castellansolutionsAuthor Commented:
Here is my current situation with this: I am getting receiving spoofed email from "Myself" here are the headers:

Received: from Exch2-Cust2.EXCH2-CUST2.local (192.168.1.101) by
 winsvr2.contoso.local (192.168.1.10) with Microsoft SMTP Server (TLS) id
 8.1.336.0; Fri, 24 Apr 2009 03:41:13 -0700
Received: from comp (77.41.52.13) by Exch2-Cust2.EXCH2-CUST2.local
 (192.168.1.101) with Microsoft SMTP Server id 8.1.358.0; Fri, 24 Apr 2009
 03:41:11 -0700
X-Originating-IP: [57.5.37.9]
X-Originating-Email: [robert@exchangetest.com]
X-Sender: robert@exchangetest.com
Return-Path: robert@exchangetest.com
To:
Subject: Rs: ONLINE SALES 79% 0FF!!
From: "VIAGRA ? Official Site"
MIME-Version: 1.0
Importance: High
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <695054a0-77d7-4adb-9af2-5a5e53782dc8@Exch2-Cust2.EXCH2-CUST2.local>
Date: Fri, 24 Apr 2009 03:41:11 -0700
X-MS-Exchange-Organization-PRD: exchangetest.com
Received-SPF: Fail (Exch2-Cust2.EXCH2-CUST2.local: domain of robert@exchangetest.com does not designate 77.41.52.13 as permitted sender) receiver=Exch2-Cust2.EXCH2-CUST2.local; client-ip=77.41.52.13; helo=comp;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.7622.600;SV:3.3.7622.1074;SID:SenderIDStatus Fail;OrigIP:77.41.52.13
X-MS-Exchange-Organization-SCL: 7
X-MS-Exchange-Organization-SenderIdResult: FAIL


As i understand it, this should cause this message to be forewarded to the junk mail folder, except this is comes straight through to the inbox.

This is why i am thinking that i have setup my SPF/Sender ID the wrong way. Although it looks like it works, beucase the headers even say that i dont designate the host as a valid sender.

spf2.0/pra a mx ip4:64.81.85.225 ip4:64.81.85.226 mx:mail.exchangetest.com -all

What if i added a comma and then mfrom to the end of pra ?

spf2.0/pra,mfrom a mx ip4:64.81.85.225 ip4:64.81.85.226 mx:mail.exchangetest.com -all

Please Advise...

Thanks,

Robert
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.