How to detect forged From and Reply-to addresses from your own domain

Mark Sapiro mark at
Sat Mar 6 17:19:51 GMT 2010

On 11:59 AM, Daniel Straka wrote:
> Jules,
> This is working quite well on the MailScanner server that only
> receives messages. What might be the drawbacks to leaving this rule
> in place? I haven't seen any FP's yet and it's marked a thousand
> messages as spam already. If there's not really any drawbacks...would
> there be a similar rule for a MailScanner server that receives and
> sends mail for our domain?

For drawbacks to Jules' suggestion (possibly to the whole idea),
consider the following:

You are my employer.

I set up a pop3 or imap account on my MUA at home to access my work mail.

My ISP redirects all port 25 connects to its own servers so even if I
know what I'm doing, I can't use your MTA for my outgoing mail for this

Now, all my replies from home to my co-workers will be seen as spam
because they are From: my work address, but the sending MTA is my home ISP.

The same problem exists if SPF is used.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list