Check 'MIME From' and SMTP 'MAIL FROM' against SPF

Mark Sapiro mark at
Tue Sep 15 14:46:55 UTC 2015

On 09/15/2015 02:38 AM, L wrote:
> We’ve stumbled upon SPF recently: when a foreign domain has valid SPF
> for himself, it can send emails to our domain with smtp ‘mail from:
> anyaddress at <mailto:anyaddress at>‘, but state ‘From:
> user at <mailto:user at>’ in MIME header, and it
> won’t cause SPF checks in SpamAssassin to fail. Is there any way I can
> check MIME from against SPF? Seems like I’m missing something here.

The short answer is No. SPF is designed to work with the domain of the
envelope sender (SMTP MAIL FROM address). It pays no attention to the
address in any From: header.

You may be interested in DMARC <>.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list