On Mon, 2009-05-11 at 19:36 -0700, John Hardin wrote: > On Tue, 12 May 2009, Ned Slider wrote: > > > Then you get phish where the From address is a bank domain, and the > > envelope address is from a completely unrelated domain with a valid spf > > record so even a simple From_Bank && spf_pass isn't going to work. > > That might make a useful general rule, though: SPF Pass and the From: > header in a different domain than the envelope From: address...
No, that's the way things like mail lists are supposed to work. And other useful things like fedex package notifications - you put your address in the message for Fedex to send, and they use fedex.com for the envelope address. Perfectly legal and expected behavior -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
signature.asc
Description: This is a digitally signed message part