On Sat, 2 Jun 2012, Matt Simerson wrote: > Is it a good idea to validate that the MAIL FROM address is the same as > the From: header in the message? > > What exceptions need to be made, if any? > > What problems might I encounter if I were to do this?
For starters, you would penalise this message, and perhaps not see it. > If the To header exists, shouldn't that also be validated against RCPT TO? Also wouldn't work well for mailing list messages.