On Tue, 12 May 2009, Ned Slider wrote:
> Then you get phish where the From address is a bank domain, and the envelope address is from a completely unrelated domain with a valid spf record so even a simple From_Bank && spf_pass isn't going to work.
That might make a useful general rule, though: SPF Pass and the From: header in a different domain than the envelope From: address...
--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  If you ask amateurs to act as front-line security personnel,
  you shouldn't be surprised when you get amateur security.
                                                    -- Bruce Schneier
-----------------------------------------------------------------------
 10 days until the 5th anniversary of SpaceshipOne winning the X-prize
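The rule floated in the message above, sketched in Python as an added example (not code from the thread): it assumes the receiving MTA records the envelope sender in `Return-Path` and its SPF verdict in a `Received-SPF` header. Treating a subdomain as aligned is an approximation chosen here, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of an address header value, or '' if absent."""
    _, addr = parseaddr(value or "")
    if "@" not in addr:          # covers the null sender "<>" on bounces
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def related(a, b):
    """Equal, or one is a subdomain of the other (approximate alignment)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spf_pass_from_mismatch(raw):
    """Return (hit, detail): SPF passed, yet From: is in another domain."""
    msg = message_from_string(raw)
    # Assumption: the topmost Received-SPF was added by our own MTA;
    # copies of this header from earlier hops must not be trusted.
    spf = (msg.get("Received-SPF") or "").strip().lower()
    if not spf.startswith("pass"):
        return False, "no SPF pass recorded"
    env = domain_of(msg.get("Return-Path"))
    hdr = domain_of(msg.get("From"))
    if not env or not hdr:
        return False, "missing envelope or header domain"
    if related(env, hdr):
        return False, "aligned: " + hdr
    return True, "SPF pass for %s but From: shows %s" % (env, hdr)

def sample(envelope, spf="pass"):
    """Build a constructed test message with the given envelope sender."""
    return (
        "Return-Path: <%s>\n"
        "Received-SPF: %s (mx.example.net: domain of %s)\n"
        'From: "Example Bank" <service@bank.example>\n'
        "Subject: Account notice\n"
        "\n"
        "body\n"
    ) % (envelope, spf, envelope)

if __name__ == "__main__":
    for env in ("bounce@mailer.example", "bounce@mail.bank.example"):
        print(env, "->", spf_pass_from_mismatch(sample(env)))
```

Mailing lists and bulk-mail providers legitimately produce this mismatch, so the result suits a scoring signal rather than an outright block.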