Wednesday, August 31, 2016

email - What value does SenderID provide over SPF and DKIM?

I understand that




  • SPF "binds" a message envelope to a set of permitted IP addresses.


  • SenderID (with the default pra option) "binds" the message header to a set of permitted IPs in addition to the SPF logic.


  • DKIM "binds" the from address header (and any additional header the sender chooses), and the body to a DNS Domain name





I'm using the word "bind" above instead of "authorized" because it makes more sense (to me)



Questions:




  1. If SPF is already verifies a message FROM in the envelope, why is there a need to check the headers?


  2. When would the need to verify the envelope (SPF) need to be different than the headers (SenderID)


  3. If I'm already verifying the headers with DKIM, why do I need SenderID?



  4. Most large companies I've checked don't disable SenderID with an explicit record. EBay is a notable example of one that does. What is the rationale for disabling SenderID "pra" processing of outbound messages?


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...