User:David MacQuigg/Sender ID: Difference between revisions
imported>David MacQuigg No edit summary |
imported>David MacQuigg No edit summary |
||
| Line 2: | Line 2: | ||
{{TOC|right}} | {{TOC|right}} | ||
'''Definition:''' Email authentication method that verifies the domain name in a "purported" sender address. | '''Definition:''' Email authentication method that verifies the domain name in a "purported" sender address. | ||
'''Sender ID''' is an email authentication method that uses the [[IP address|source IP address]] in a [[TCP]] connection to verify the domain name in a Purported Responsible Address (PRA). A Pass result provides strong assurance that the message came from a transmitter authorized by the domain owner. A Fail result allows immediate rejection of the message, while the transmitter is still connected, and before transferring any data. | '''Sender ID''' is an email authentication method that uses the [[IP address|source IP address]] in a [[TCP]] connection to verify the domain name in a Purported Responsible Address (PRA). A Pass result provides strong assurance that the message came from a transmitter authorized by the domain owner. A Fail result allows immediate rejection of the message, while the transmitter is still connected, and before transferring any data. | ||
Revision as of 21:24, 23 October 2009
- See also: Email authentication for a general overview and terminology.
Definition: Email authentication method that verifies the domain name in a "purported" sender address.
Sender ID is an email authentication method that uses the source IP address in a TCP connection to verify the domain name in a Purported Responsible Address (PRA). A Pass result provides strong assurance that the message came from a transmitter authorized by the domain owner. A Fail result allows immediate rejection of the message, while the transmitter is still connected, and before transferring any data.
This method is very similar to SPF, except that the PRA is used instead of the envelope Return Address. In simple cases, the PRA is the address that appears in the "From" header of the message. In cases where forwarding has occurred, there may be various "Resent" and "Sender" headers. Sender ID uses a complex patented algorithm to determine which of these headers to use in selecting the PRA.
Like SPF, the domain in the PRA is verified by doing a DNS query for an SPF record under the domain name. If the IP address is listed in that record, the result is Pass. Thus Sender ID security depends on the security of Internet IP addresses and of the Domain Name System.
Like SPF, Sender ID prevents the "replay" abuse possible with signature methods like DKIM, because the verified domain owner can be held responsible for high-volume replication of a message.
Limitations
|--- Sender's Network ---| |--------- Recipient's Network --------|
/
Author ==> MSA/Transmitter --> / --> Receiver/Forwarder ~~> MDA ==> Recipient
/ / /
/ Border /
/ /
------ DNS -------
How it works
Explanatory notes
Bibliography
RFC-4406 (2006), "Sender ID: Authenticating E-Mail", J. Lyon, M. Wong, http://tools.ietf.org/html/rfc4406. Microsoft's variation on SPF.
RFC-4405 (2006), "SMTP Service Extension for Indicating the Responsible Submitter of an E-Mail Message", E. Allman, H. Katz, http://tools.ietf.org/html/rfc4405. Solution to forwarding problem.
RFC-4407 (2006), "Purported Responsible Address in E-Mail Messages", J. Lyon, http://tools.ietf.org/html/rfc4407. Key difference with SPF.
- [Sender ID Home Page] [r]: Add brief definition or description - Microsoft website
- [RFC-4408] [r]: Add brief definition or description - "Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1", M. Wong, W. Schlitt, 2006.
- [Sender Policy Framework] [r]: Add brief definition or description - project website
- [Sender Rewriting Scheme] [r]: Add brief definition or description - website for SRS