Sender ID is a method developed by researchers at Microsoft for verifying the sender of an email. It is one of a number of tactics developed by various working groups to address issues like spam, phishing, and ethically dubious uses of email systems. The framework is similar to Sender Policy Framework (SPF), although it works slightly differently, focusing on different aspects of an email to verify the sender's identity.
Under Sender ID, when an email arrives at a recipient's mail server, the server reads the originating information in the headers and then queries the Domain Name System (DNS) to see whether the stated identity of the sender matches the server data. If an email purporting to come from exampleemailservice.com resolves to a different server, the Sender ID system treats the email as spoofed: an attempt to trick the recipient into thinking it comes from one place when it actually comes from another.
The system flags emails whose origin does not match the claims made in their headers. These can be deleted, bounced back to the sender, sent to a spam trap, or quarantined. The Sender ID system can be configured in the way that best suits the needs of its users. Some users want to know what kinds of email are being flagged, while others may want people attempting to spoof them to know that the emails are not getting through.
The disadvantage of Sender ID is that if records are outdated or erroneous, as can happen, legitimate email may be trapped in the system. It can take up to 48 hours for changes to propagate across the DNS. Someone might, for example, move a domain to a new host and then email a friend. The email would be caught by Sender ID authentication because it would not match the existing record the system finds, even though it is genuine.
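The header-and-DNS check described above, together with the stale-record case from the host-move scenario, as an added Python example that is not from the original article or from Microsoft. The in-memory TXT_RECORDS table, the IP addresses and the sample message are constructed; the header order follows the Purported Responsible Address rules of RFC 4407 in simplified form, and only the ip4 and all mechanisms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# The record still lists the old host's range (the stale-record case).
TXT_RECORDS = {"exampleemailservice.com": "spf2.0/pra ip4:192.0.2.0/24 -all"}

# Constructed sample message.
MESSAGE = (
    "Received: from relay.example.net by mx.example.org\n"
    "From: Alice <alice@exampleemailservice.com>\n"
    "Subject: hello\n\nbody\n"
)

# Header precedence for the Purported Responsible Address (RFC 4407), simplified:
# the Received/Return-Path ordering rule for Resent-* headers is not modelled.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def purported_responsible_address(raw_message):
    """Return the address Sender ID treats as the sender, or None if ill-formed."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if not values:
            continue
        if len(values) > 1 and not name.startswith("Resent-"):
            return None  # duplicate Sender/From: the PRA cannot be determined
        addr = parseaddr(values[0])[1]
        return addr if addr.count("@") == 1 else None
    return None

def sender_id_check(raw_message, client_ip):
    """Check the connecting IP against the PRA domain's record (ip4 and all only)."""
    pra = purported_responsible_address(raw_message)
    if pra is None:
        return "none"
    terms = TXT_RECORDS.get(pra.rsplit("@", 1)[1].lower(), "").split()
    if not terms or not terms[0].startswith("spf2.0/") or "pra" not in terms[0][7:].split(","):
        return "none"  # no record with PRA scope published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        if mech == "all" or (mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:])):
            return result
    return "neutral"
```

Calling sender_id_check(MESSAGE, "203.0.113.9") returns "fail" whether that address is a spoofing host or the domain's own new host that the stale record does not yet list; the check cannot tell the two apart.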
As with other measures designed to increase email and computer security, Sender ID has strengths and weaknesses. People interested in facilitating spoofing, spamming, and similar activities with email can work to develop workarounds and exploits that take advantage of the holes they find in such security frameworks. For this reason, security experts recommend creating layers of security. If a malicious email slips through Sender ID, for example, it might be caught by an antivirus program and sent to quarantine before someone opens it and infects the system.