In <20040730043748(_dot_)0BE531A01F8(_at_)smtp-1(_dot_)hotpop(_dot_)com>
"Shoaib" <ssoomro_183(_at_)HotPOP(_dot_)com> writes:
Whats the basic difference b/w SPF and Sender ID?
The important differences between SPF and Sender ID are:
1) Microsoft has placed its backing with Sender ID, not SPF.
2) SPF checks the "envelope from" which is where bounces are sent to
and part of the SMTP transaction while Sender ID checks various
mail headers such as From:, Resent-Sender: and others.
3) Sender ID has had very little testing and the only data that has
been published so far shows that hit has a much higher rate of
incorrectly rejecting valid email.
Is Sender ID really needed when SPF is already available to tackle all
issues relating domain spoofing?
SPF doesn't tackle all issues related to domain spoofing since it
doesn't check the email headers such as the From: line. How to do
this checking in a useful way is still, in my opinion, a very open
question.
-wayne