Sender authentication part 20: Advantages of PRA vs MAIL FROM

Microsoft is shortly coming out with some documentation on SenderID and the business case for its implementation.  Hopefully by now I have demonstrated its usefulness.

The Purported Responsible Address (PRA) has a couple of advantages to weigh when deciding whether to support SenderID or SPF:

  1. It is the identity that users typically see, and therefore helps to detect phishing.
  2. It is derived from the RFC 2822 message headers: the Resent-Sender, Resent-From, Sender and From addresses. This makes adoption easier for forwarders.

The MAIL FROM has the following advantages:

  1. It helps to reduce "joe-jobs" by counteracting fake bounce messages (return-paths).
  2. The check can begin before the message data is received; depending on the implementation, this means mail servers can save on bandwidth.

Both techniques can use the same SPF record format, though with SenderID implementers need to know what they are doing, since SPF classic was originally designed to be used on the envelope sender domain.
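To make the difference between the two identities concrete, here is an added example (not from the original post or from Microsoft) that picks the PRA from a message using the header order listed above and shows which domain each check would evaluate. It is a simplified selection: the full algorithm is specified in RFC 4407 and has further rules not handled here, and the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Header precedence as listed in the post; the first non-empty one wins.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

def purported_responsible_address(raw_message):
    """Return (header_name, address) for the PRA, or None if ambiguous."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if not values:
            continue
        if name.startswith("Resent-"):
            values = values[:1]  # topmost Resent-* header is the latest resend
        if len(values) != 1:
            return None  # duplicate Sender/From headers: no usable PRA
        mailboxes = [addr for _, addr in getaddresses(values) if addr]
        if len(mailboxes) != 1 or "@" not in mailboxes[0]:
            return None  # zero or several mailboxes: no usable PRA
        return name, mailboxes[0]
    return None

def domains_checked(mail_from, raw_message):
    """Domains a MAIL FROM check and a PRA check would each evaluate."""
    pra = purported_responsible_address(raw_message)
    return {
        "mail_from": mail_from.rpartition("@")[2].lower(),
        "pra": pra[1].rpartition("@")[2].lower() if pra else None,
        "pra_header": pra[0] if pra else None,
    }

# Constructed sample: a forwarder re-sends mail but keeps the original MAIL FROM.
FORWARDED = """\
Resent-From: alice@forwarder.example
From: Bob <bob@origin.example>

(body)
"""

# Constructed sample: envelope and visible From belong to different domains.
MISMATCHED = """\
From: "Example Bank" <support@bank.example>

(body)
"""
```

Calling `domains_checked("bob@origin.example", FORWARDED)` shows the PRA check landing on the forwarder's domain while the MAIL FROM check still evaluates the original sender's domain; with `MISMATCHED`, only the PRA check looks at the domain the user sees.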