Hi all, Yesterday I saw this message that a bug in mailclients allow sender spoofing which bypasses SPF/DKIM/DMARC mechanisms. Maybe you've read about it. More information about it here: https://www.mailsploit.com/index
I was thinking that there might be a possiblity to detect this in spamassassin to protect our users against this. Something with the newline character or null byte in the FROM header, but I'm not that handy with it. Someone of you maybe already created a rule? -- Frido
