“Some of the emails I send are bounced back to me with a ‘SMTP diagnostic: 550 5.7.1 Sender ID (PRA) Not Permitted’ error message. What does it mean and what can I do about it?”
Sender ID tries to improve on a principal deficiency in Sender Policy Framework (SPF): that SPF does not verify the header addresses that indicates the sending party. Such header addresses are typically displayed to the user and are used to reply to emails. Indeed such header addresses can be different from the address that SPF tries to verify; that is, SPF verifies only the ‘MAIL FROM’ address, also called the envelope sender.
However there are many similar email header fields that all contain sending party information; therefore Sender ID defines in RFC 4407 a Purported Responsible Address (PRA) as well as a set of heuristic rules to establish this address from the many typical headers in an email.
What has this to do with my problem
In essence, in addition to verifying the ‘MAIL FROM’ address, a mail server running Sender ID may also check whether the IP address from which we deliver your email matches the SPF records for the header address. In case your domain has a Hardfail SPF record defined without listing our IP addresses, your email will be rejected as illegitimate.
What can I do to solve this problem
There are several things you can do:
- List our IP range in your SPF record. By doing so, your SPF record will still protect others from spoofed emails pretending to be yours, whilst allowing us to be a legitimate source for the emails you send. Contact Support for instructions.
- Switch your SPF record from Hardfail to Softfail. By doing so, an email coming from our IPs may still look suspicious to others, but it will be up to the recipient’s mail server to decide whether to accept it as legitimate or not.
- Ask us to take action. This Sender ID drawback does not only affect us, but also any forwarder and mailing list sending emails on behalf of others. Being aware of this, Sender ID had to provide some way to identify as legitimate any email being legitimately forwarded by others. And there is: Sender ID proposes that we add a line to the email header, informing the recipient’s mail server that we are resending an email we’ve received from you. This solution will certainly do the trick however, it is not clear within the Internet community whether it conflicts with the Simple Mail Transfer Protocol standard. For this reason, we will only apply this solution upon demand and only when no other alternatives can be applied.