Sender ID Technology: Information for IT Professionals
Published: June 23, 2004 | Updated: October 17, 2006
The Sender ID Framework is a protocol created to counter e-mail domain spoofing and to provide greater protection against phishing schemes by verifying an e-mail message's sender.
Domain spoofing refers to the use of someone else's domain name when sending a message and is part of the larger problem of spoofing (the practice of forging the sender's address on e-mail messages). Domain spoofing can also be used by malicious individuals in phishing scams, which try to lure consumers into divulging sensitive personal information by pretending the e-mail is from a trusted source, such as a consumer's bank. Disclosure of such information can lead to identity theft and other online consumer fraud.
The Sender ID Framework is designed to verify that each e-mail message originates from the Internet domain from which it claims to come based on the sender's server IP address. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail and phishing scams.
How Sender ID Works
Domain administrators publish Sender of Policy Framework (SPF) records in the Domain Name System (DNS) which identify authorized outbound e-mail servers. Receiving e-mail systems verify whether messages originate from properly authorized outbound e-mail servers. The following diagram illustrates the verification process.
Sender ID at work. Only authenticated messages are allowed to reach the receiver.
The steps in the process are:
Steps for Mail Senders and Developers
If you are an e-mail sender, you simply need to create an SPF record and add it to the DNS records of your domain. The Sender ID Framework SPF Record Wizard (anti-spamtools.org) walks you through a step-by-step process to create your SPF record. To perform Sender ID validation, your ISP or system administrator will need to update to Sender ID–compliant software.
For information on licensing requirements visit the Sender ID Resources page.