How to detect forged From and Reply-to addresses from your own domain

Michael Masse mrm at
Fri Mar 5 16:47:01 GMT 2010

>>> "Daniel Straka" <Dstraka at> 3/5/2010 10:00 AM >>>
We are receiving a ton of SPAM where the From and/or Reply-to addresses have been forged so they appear to have come from users in our own domain. Of course, these BC several users at a time. Is there any way to detect these with MailScanner?

There are many potential solutions provided in the archive of this list because this question has been asked numerous times. The consensus is that you should utilize SPF on your MTA to block most of these that have your domain from address in the reply-to address or envelope stage, and a custom SpamAssassin rule to take care of the ones that use your domain in the message body portion FROM: address. I also use a milter called mailfromd in addition to SPF, which gives much finer control.

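A sketch of the header-side check the reply refers to, as an added example that is not part of the original post and is neither a SpamAssassin rule nor an SPF check: it flags From/Reply-To addresses in your own domain on mail that your MTA received from a host outside your trusted networks. The domain `example.com`, the `192.0.2.0/24` trusted range, the function names and the sample messages are all assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses

OWN_DOMAIN = "example.com"                               # assumption: your mail domain
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # assumption: your own relays/clients

def local_claims(msg):
    """Names of the From/Reply-To headers that carry an OWN_DOMAIN address."""
    hits = []
    for name in ("From", "Reply-To"):
        addrs = [addr.lower() for _, addr in getaddresses(msg.get_all(name, []))]
        if any(a.endswith("@" + OWN_DOMAIN) for a in addrs):
            hits.append(name)
    return hits

def handoff_ip(msg):
    """Client IP in the topmost Received header (the one our own MTA stamped)."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:          # e.g. [999.1.1.1]; treated as unknown, so untrusted
        return None

def forged_local_headers(raw):
    """Headers claiming OWN_DOMAIN on mail that did not arrive from a trusted host."""
    msg = message_from_string(raw)
    ip = handoff_ip(msg)
    if ip is not None and any(ip in net for net in TRUSTED_NETS):
        return []               # handed to us by our own infrastructure
    return local_claims(msg)

# Constructed sample messages (not real traffic).
FORGED = """Received: from mail.badhost.test (unknown [203.0.113.77]) by mx.example.com; Fri, 5 Mar 2010 10:00:00 -0600
From: "Alice" <alice@example.com>
Reply-To: someone@elsewhere.test
Subject: hi

body
"""
INTERNAL = FORGED.replace("203.0.113.77", "192.0.2.10")

if __name__ == "__main__":
    print("external sender:", forged_local_headers(FORGED))
    print("internal sender:", forged_local_headers(INTERNAL))
```

Users who legitimately send from outside the trusted range (for example through a third-party service) would also be flagged, so a result like this is better used as a score contribution than as an outright reject.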