Check 'MIME From' and SMTP 'MAIL FROM' against SPF
Mark Sapiro
mark at msapiro.net
Tue Sep 15 14:46:55 UTC 2015
On 09/15/2015 02:38 AM, L wrote:
>
> We’ve stumbled upon SPF recently: when a foreign domain has valid SPF
> for himself, it can send emails to our domain with smtp ‘mail from:
> anyaddress at domain.com <mailto:anyaddress at domain.com>‘, but state ‘From:
> user at ourdomain.com <mailto:user at ourdomain.com>’ in MIME header, and it
> won’t cause SPF checks in SpamAssassin to fail. Is there any way I can
> check MIME from against SPF? Seems like I’m missing something here.
The short answer is No. SPF is designed to work with the domain of the
envelope sender (SMTP MAIL FROM address). It pays no attention to the
address in any From: header.
You may be interested in DMARC <https://dmarc.org/>.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list