What value does SenderID provide over SPF and DKIM?
- by makerofthings7
I understand that
SPF "binds" a message envelope to a set of permitted IP addresses.
SenderID (with the default pra option) "binds" the message header to a set of permitted IPs in addition to the SPF logic.
DKIM "binds" the from address header (and any additional header the sender chooses), and the body to a DNS Domain name
I'm using the word "bind" above instead of "authorized" because it makes more sense (to me)
Questions:
If SPF is already verifies a message FROM in the envelope, why is there a need to check the headers?
When would the need to verify the envelope (SPF) need to be different than the headers (SenderID)
If I'm already verifying the headers with DKIM, why do I need SenderID?
Most large companies I've checked don't disable SenderID with an explicit record. EBay is a notable example of one that does. What is the rationale for disabling SenderID "pra" processing of outbound messages?