Are SPF and Sender ID the same?
SPF and
Sender ID
are not the same. Both validate e-mail sender addresses, and both use
similar methods to do so. Both publish policy records in
DNS. Both use the same syntax for their policy records. So you have some excuse to be confused. They differ in
what they validate and what "layer" of the e-mail system they are concerned with.
What is SPF?
SPF (defined in
RFC 4408) validates the
HELO domain and the
MAIL FROM address given as part of the SMTP protocol (
RFC 2821 – the "envelope" layer). The
MAIL FROM address is usually displayed as "
Return-Path"
if you select the "Show all headers" option in your e-mail client.
Domain owners publish records via DNS that describe their policy for
which machines are authorized to use their domain in the
HELO and
MAIL FROM addresses, which are part of the SMTP protocol.
What is Sender ID?
Sender ID (defined in
RFC 4406) is a
Microsoft protocol derived from
SPF (hence the identical syntax), which validates one of the message's address header fields defined by
RFC 2822. Which one it validates is selected according to an algorithm called
PRA (Purported Responsible Address,
RFC 4407). The algorithm aims to select the header field with the e-mail address "responsible" for sending the message.
Since it was derived from
SPF,
Sender ID can also validate the
MAIL FROM. But it defines the new
PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers
MAIL FROM (called
MFROM by
Sender ID),
PRA, or both.
