I'm getting more and more spam that uses one domain for the
<return-path> header and another domain (typically my own domain) for
the <from> header. I have discovered that the SPF matcher only checks
the <return-path> domain and ignores the <from> domain. It would seem
to me that if only one header domain is checked, it would make more
sense to to check the <from> address, since that is the one that is most
likely being spoofed and is the one that appears in the email client.
Is there a reason why SPF only checks the <return-path> header and not
the <from> header? I'm back to allowing all kinds of spam getting
through the server to my clients that is supposedly "from me".
Advice? Is this an oversight? Is it by design?
Thx.
Jerry
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
