I'm seeing fake Facebook spam that is sent from Gmail, with the
envelope From set to the Gmail hosted domain, and the header From set
to @facebookmail.com.

I'm using spamassassin and SPF, and the message is allowed through, as
the Gmail hosted domain is in Gmail's SPF.  But what the client sees
is facebookmail.com.

I'm unsure of what the typical procedure is on this, and didn't find
anything useful in a web search, but wouldn't it make sense to run SPF
on the header From as well?  Is that something Postfix could be set to
do?  What about triggering some action if the header and envelope From
are different?

Seems like spammers have an easy way of forging domains (at least from
the end user's perspective) while avoiding SPF altogether.

- Darek
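The mismatch described above (SPF passes on the envelope sender while the visible From: header shows another domain) is exactly what DMARC's alignment check tests on top of SPF. The following is an added example, not code from the thread or from Postfix: it parses a message with Python's standard library, extracts the Return-Path and header From: domains, and reports whether they align in DMARC's strict or relaxed sense. The two sample messages and their domains are constructed for illustration, and the "last two labels" shortcut for the organizational domain is a simplification of the Public Suffix List lookup that real implementations perform.

```python
"""Envelope-vs-header From alignment check (the core of DMARC).

Added example for illustration, not part of the original post or of any
mail server.  Sample messages are constructed; domains are placeholders.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample 1: the situation from the post.  The envelope sender
# (Return-Path) is the hosted domain that SPF authorizes, but the header
# From: shows an unrelated domain.
MISALIGNED = b"""Return-Path: <bounce@example-hosted.test>
Received: from mail.example-hosted.test by mx.example.test
From: "Facebook" <notification@facebookmail.com>
To: user@example.test
Subject: You have 3 new notifications
Message-ID: <constructed-1@example.test>

Body text.
"""

# Constructed sample 2: a subdomain bounce address for the same organization,
# which passes relaxed alignment but fails strict alignment.
RELAXED_ONLY = b"""Return-Path: <bounce@mail.facebookmail.com>
From: "Facebook" <notification@facebookmail.com>
To: user@example.test
Subject: Constructed aligned sample
Message-ID: <constructed-2@example.test>

Body text.
"""


def registrable_domain(domain: str) -> str:
    """Approximate the organizational domain with the last two labels.

    Real DMARC evaluators use the Public Suffix List; this shortcut is an
    assumption for the example and misclassifies suffixes such as co.uk.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_domains(raw: bytes) -> tuple[str, str]:
    """Return (envelope-from domain, header-From domain) for a raw message.

    Return-Path is the trace header the receiving MTA writes from the SMTP
    MAIL FROM, so it stands in for the envelope sender here.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    env_addr = parseaddr(str(msg.get("Return-Path", "")))[1]
    hdr_addr = parseaddr(str(msg.get("From", "")))[1]
    return env_addr.rpartition("@")[2], hdr_addr.rpartition("@")[2]


def aligned(raw: bytes, strict: bool = False) -> bool:
    """DMARC-style identifier alignment between envelope and header From.

    strict=True requires an exact domain match; relaxed (default) accepts
    any subdomain of the same organizational domain.
    """
    env_dom, hdr_dom = sender_domains(raw)
    if not env_dom or not hdr_dom:
        return False  # a missing identifier can never align
    if strict:
        return env_dom.lower() == hdr_dom.lower()
    return registrable_domain(env_dom) == registrable_domain(hdr_dom)


if __name__ == "__main__":
    for name, sample in (("misaligned", MISALIGNED), ("relaxed_only", RELAXED_ONLY)):
        env_dom, hdr_dom = sender_domains(sample)
        print(f"{name}: envelope={env_dom} header={hdr_dom} "
              f"relaxed={aligned(sample)} strict={aligned(sample, strict=True)}")
```

In a Postfix deployment this comparison is normally done by a DMARC milter such as OpenDMARC rather than by Postfix itself, with the action (quarantine, reject, or none) taken from the header From: domain's published DMARC policy; the snippet shows the check that milter performs.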
