
Bind - SenderID - SenderID Introduction

SenderID is a standard proposed by Microsoft which protects against spoofing the RFC5322.From address, the one that the user sees in their email client. However, SenderID does not have the same level of widespread industry deployment that SPF or DKIM do.

SenderID was primarily used in Hotmail and on-premises Exchange servers deployed locally within organizations.

SenderID tries to improve on a principal deficiency in SPF: SPF does not verify the header addresses that indicate the sending party. SPF verifies only the “MAIL FROM” address, also called the envelope sender; however, there are many similar email header fields that all contain sending party information.

Sender ID is almost identical to SPF except that v=spf1 is replaced with one of:

  • spf2.0/mfrom - meaning to verify the envelope sender address just like SPF.
  • spf2.0/mfrom,pra or spf2.0/pra,mfrom - meaning to verify both the envelope sender and the PRA.
  • spf2.0/pra - meaning to verify only the PRA.

Examples

spf2.0/pra ip4:1.2.3.0/24 -all

OR

news.example.com

spf2.0/pra include:advertize.com -all

  • spf2.0/pra means that this is a SenderID record.
  • pra means to apply this to the domain in the Purported Responsible Address, which is either the domain in the Sender: (rarely) or RFC5322.From (usually).

Delegating in this way does mean that you must create and delegate a subdomain for 3rd parties to send on your behalf and publish their SPF records in that subdomain's SenderID record. If you ever change 3rd parties, you must update this SenderID record. And if this 3rd party ever starts sending spam using your subdomain, it will pass a SenderID check (it can also pass an SPF check).

However, even if it does go rogue, it can only pass a SenderID check for this delegated subdomain. In this example, it can only SenderID pass news.example.com. It will not pass example.com, confirmations.example.com, and so forth. The damage is contained (and can be revoked by unpublishing the IPs from the SenderID record).
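The scoping and containment described above can be seen in a short added example (not part of the original page). It assumes a constructed TXT table `ZONE` in place of real DNS, hypothetical helper names, and a simplified PRA that looks only at Sender: and then From:, as the page describes; the full PRA algorithm in RFC 4407 also considers the Resent-* headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT data mirroring the page's delegated-subdomain example.
ZONE = {"news.example.com": "spf2.0/pra include:advertize.com -all"}

def parse_scopes(txt):
    """Identities a record covers; empty set if it is not SPF or SenderID."""
    parts = txt.split()
    version = parts[0].lower() if parts else ""
    if version == "v=spf1":
        return {"mfrom"}  # classic SPF: envelope sender only
    if version.startswith("spf2.0/"):
        scopes = set(version[len("spf2.0/"):].split(","))
        if scopes <= {"mfrom", "pra"}:
            return scopes
    return set()

def pra_domain(raw_message):
    """Simplified PRA domain: Sender: if present, otherwise From:."""
    msg = message_from_string(raw_message)
    for header in ("Sender", "From"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None

def pra_record(raw_message, zone=ZONE):
    """Return (PRA domain, record), or (PRA domain, None) when no
    pra-scoped record is published at exactly that domain."""
    domain = pra_domain(raw_message)
    txt = zone.get(domain)
    if txt and "pra" in parse_scopes(txt):
        return domain, txt
    return domain, None

# Constructed messages: one from the delegated subdomain, one claiming
# the parent domain, one where Sender: overrides From:.
NEWSLETTER = "From: News <newsletter@news.example.com>\nSubject: Hi\n\nbody\n"
PARENT = "From: Billing <billing@example.com>\nSubject: Hi\n\nbody\n"
WITH_SENDER = ("Sender: relay@news.example.com\n"
               "From: Billing <billing@example.com>\nSubject: Hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("newsletter", NEWSLETTER), ("parent", PARENT),
                      ("with-sender", WITH_SENDER)):
        print(name, pra_record(raw))
```

The delegated record is consulted only when the PRA domain is exactly news.example.com; a message whose PRA is example.com never reaches the third party's authorization.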

bind_-_senderid/senderid_introduction.1480419793.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
