SenderId Agent Test

The Sender ID agent is an anti-spam agent that is enabled on computers that have the Microsoft Exchange Server 2007/2010 Edge Transport server role installed. The Sender ID agent relies on the RECEIVED Simple Mail Transfer Protocol (SMTP) header and a query to the sending system's domain name system (DNS) service to determine what action, if any, to take on an inbound message.

Sender ID is intended to combat the impersonation of a sender and a domain, a practice that is frequently called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified to appear as if it originates from a sender other than the actual sender of the message.

In essence, Sender ID asks a question: “Has this e-mail message been spoofed?” If the answer is “Yes, it has been spoofed,” the Sender ID filter rejects or deletes the message immediately. If the answer is “No, we can confirm the sender’s authenticity,” the message is assigned a Sender ID status and transmitted to Intelligent Message Filter, if Intelligent Message Filter is enabled on the server, for additional anti-spam processing.

Figure 1: How the Sender ID filter works

Here are the steps in the Sender ID verification process in Figure 1:

  1. A sender sends an e-mail message to the receiver.
  2. The receiver’s inbound mail server receives the e-mail message and extracts the PRA.
  3. The inbound mail server checks which domain claims to have sent the message, and examines the domain name system (DNS) for the sender policy framework (SPF) record of that domain. These SPF records identify authorized outgoing e-mail servers. The inbound server determines whether the sending e-mail server's IP address matches any of the IP addresses that are published in the SPF record.
  4. If the IP addresses match, the e-mail message is authenticated and delivered to the receiver. If the IP addresses do not match, the e-mail message fails authentication and is not delivered.

Based on the evaluation of the Sender ID record, every message is stamped with a Sender ID status. Intelligent Message Filter considers this status for the final assignment of an SCL rating, if Intelligent Message Filter is enabled on the server and the status is also available as an output from the Sender ID filter.

This test reports statistics related to the anti-spamming activities performed by the Sender ID agent, and reveals its overall efficiency.

Target of the test : A server configured with the Hub Transport role

Agent deploying the test : An internal agent

Outputs of the test : One set of results for the Hub/Edge Transport server being monitored.

Configurable parameters for the test

  • Test Period: How often should the test be executed.
  • Host: Indicates the IP address of the Hub Transport server.
  • Port: The port number of the Hub Transport server. By default, this is 691.

Measurements made by the test
Each entry lists: Measurement, Description, Measurement Unit, Interpretation (where given).

Messages validated by Sender ID agent

Indicates the number of messages validated per second.

Msgs/Sec

Messages with no PRA

Indicates the number of messages per second that were detected as not having a valid PRA.

Msgs/Sec

When you enable Sender ID, each message contains a Sender ID status in the metadata of the message. When an e-mail message is received, the Edge Transport server queries the sender's DNS server to verify that the IP address from which the message was received is authorized to send messages for the domain that is specified in the message headers. The IP address of the authorized sending server is referred to as the purported responsible address (PRA). PRA is calculated based on the following message headers:

  • Resent-Sender:
  • Resent-From:
  • Sender:
  • From:

A high value of this measure indicates that the Sender ID agent has rejected many messages owing to an invalid PRA.

Messages with SoftFail result

Indicates the number of messages that were validated per second with a SoftFail result.

Msgs/Sec

Anti-spam stamps help you diagnose spam-related problems by applying diagnostic metadata, or "stamps," such as sender-specific information, puzzle validation results, and content filtering results, to messages as they pass through the anti-spam features that filter inbound messages from the Internet.

The Sender ID (SID) stamp is based on the sender policy framework (SPF) that authorizes the use of domains in e-mail. The SPF is displayed in the message envelope as Received-SPF. The Sender ID evaluation process generates a Sender ID status for the message. If the status returned is SoftFail, it means that the IP address of the sender may not be in the SPF. SoftFail is considered less trusted than Neutral, where the Sender ID verification check is inconclusive.

Messages with a fail – non-existent domain result

Indicates the number of messages that were validated per second with a Fail – Non-existent Domain result.

Msgs/Sec

Messages with a fail – malformed domain result

Indicates the number of messages per second that were validated with a Fail – Malformed Domain result.

Msgs/Sec

Messages with a Fail Not Permitted result

Indicates the number of messages per second that were validated with a Fail – Not Permitted result.

Msgs/Sec

Messages with a None result

Indicates the number of messages per second that were validated with the result of None.

Msgs/Sec

The None result signifies that no published SPF data exists in the sender's Domain Name System (DNS).

Messages with a TempError result

Indicates the number of messages per second that were validated with a TempError result.

Msgs/Sec

The TempError result denotes that a temporary DNS failure occurred, such as an unavailable DNS server.

Messages with a Neutral result

Indicates the number of messages per second that were validated with a Neutral result.

Msgs/Sec

The Neutral result implies that the Sender ID verification check was inconclusive.

Messages with a Pass result

Indicates the number of messages per second that were validated with a Pass result.

Msgs/Sec

A Pass result indicates that the IP Address and Purported Responsible Domain pair passed the Sender ID verification check.

Messages missing originating IP

Indicates the number of messages for which the originating IP could not be determined.

Msgs/Sec

Messages with a PermError result

Indicates the number of messages per second that were validated with a PermError result.

Validates/Sec

A PermError result indicates that the DNS record is invalid, such as an error in the record format.
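
The verification steps in Figure 1 and the PRA header list given under "Messages with no PRA" can be traced with the following added example, which is not code from the original page or from Exchange. The DNS table, sample message and function names are constructed for illustration; only `ip4`, `ip6` and `all` terms are evaluated, and the header priority is a simplification of the PRA algorithm in RFC 4407.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for DNS TXT lookups (documentation domains and ranges).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "spf2.0/pra ip4:198.51.100.7 ~all",
    "example.org": "v=spf1 ip4:203.0.113.999 -all",  # deliberately malformed
}
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")  # page order
QUALIFIERS = {"+": "Pass", "-": "Fail - Not Permitted",
              "~": "SoftFail", "?": "Neutral"}
# Constructed sample: a resent message whose PRA is not the From: address.
RESENT = "Resent-From: list@example.net\nFrom: Alice <alice@example.com>\n\nhi\n"

def extract_pra(raw_message):
    """Return the single mailbox in the first populated PRA header, else None."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if values:
            addrs = [a for _, a in getaddresses(values) if "@" in a]
            return addrs[0] if len(addrs) == 1 else None  # ambiguous: no PRA
    return None

def sender_id_status(raw_message, client_ip, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all terms of the PRA domain's record for client_ip."""
    pra = extract_pra(raw_message)
    if pra is None:
        return "No PRA"
    record = records.get(pra.rsplit("@", 1)[1].lower(), "")
    version, *terms = record.split() or [""]
    if version not in ("v=spf1", "spf2.0/pra"):
        return "None"  # no published policy for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            try:
                network = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                return "PermError"  # record present but not parseable
            if ip in network:
                return QUALIFIERS[qualifier]
        # include:, a, mx and others need further lookups; not evaluated here
    return "Neutral"  # nothing matched and no "all" term
```

For the `RESENT` sample the check is made against example.net rather than the `From:` domain, which is why a message can fail Sender ID even when the `From:` domain authorizes the connecting IP address.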