On 2020-12-15 Jeff Abrahamson wrote: > On 15/12/2020 12:36, Ansgar Wiechers wrote: >> Spoofing the envelope from address (Return-Path: <ad...@p27.eu>) is >> actually valid (per the SMTP protocol) and a common occurrence for >> mail sent by bad actors. > > Is prohibiting spoofing envelope from recommended? I'm not clear on > what, if anything, it would break. I note that this doesn't happen to > me often.
Depends on what your mail infrastructure looks like. If only allowed mail (i.e. anything that is allowed further up in the restrictions, like mynetworks or authenticated users) should be allowed to send mail with a >From address like that I'd say you can safely add that restriction. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
