SV: SV: Spoofing and SPF

Trond M. Markussen markussen at
Mon Sep 12 13:59:02 UTC 2016


So in other words the SPF check is based on the envelope sender as seen here
Return-Path: at and not the from: From:
"Bob Client," <bob at> ? 

In other words, SPF does not prevent spoofing in these cases?

I should probably explain our setup better though; we have a meta rule in
effect that will give a score of 10 if triggered. This meta rule is applied
if the following two rules are triggered: FROM_CUSTOMERDOMAIN and SPF_FAIL

CUSTOMERDOMAIN is the client that only wants to allow e-mails from their own
domain if the sender is listed in their SPF record.

This seems to filter out 99% of spoofed emails from their domain, but some
keep getting through - and in these cases the FROM_CUSTOMERDOMAIN rule is
triggered, but not SPF_FAIL/SPF_SOFTFAIL. 

0.00 	FSL_BULK_SIG	 
1.50 	HELO_MISC_IP	 
0.00	HTML_MESSAGE	HTML included in message
0.50	RAZOR2_CF_RANGE_51_100	Razor2 gives confidence level above 50%
1.89	RAZOR2_CF_RANGE_E8_51_100	Razor2 gives engine 8 confidence
level above 50%
0.92	RAZOR2_CHECK	Listed in Razor2 (
1.05	RDNS_NONE	Delivered to trusted network by a host with no rDNS
1.50	SPF_SOFTFAIL	SPF: sender does not match SPF record (softfail)


Trond M.

-----Opprinnelig melding-----
Fra: MailScanner
[ at] På
vegne av Mark Sapiro
Sendt: 12. september 2016 14:53
Til: MailScanner Discussion
Emne: Re: SV: Spoofing and SPF

On September 12, 2016 1:50:29 AM PDT, "Trond M. Markussen"
<markussen at> wrote:
>Yes, FROM_CUSTOMERDOMAIN is based on from: but in these cases that rule 
>was triggered. However, the emails seem to have passed  the SPF check 
>even though the senders were not listed in the SPF record for that 

That's because SPF is not based on the domain of From:. It is based on the
domain of the envelope sender which is not necessarily the From: domain.

Mark Sapiro <mark at>
Sent from my Not_an_iThing with standards compliant, open source software.

MailScanner mailing list
mailscanner at

More information about the MailScanner mailing list