On Thu, Feb 12, 2015 at 12:33 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > Spf deals with the envelope sender not the from address. > > Beyond that it, you might find dkim to be a better solution to prevent > others spoofing your domain. > Regards, > KAM >
Thanks for the reply. Has anyone tried a test like the Spoofing test available at knowb4.com? You fill in a form, then they send a test email from your.b...@example.com , where example.com is your own domain. It is not caught by SPF, and it passes DKIM. I'm talking about inbound email at your MX, and spoofing of the From address. Everything else (sender, helo) matches the origin. > On February 12, 2015 11:17:38 AM EST, francis picabia <fpica...@gmail.com> > wrote: >> >> Our spamassassin 3.3.1 is marking email with tags like and >> SPF_SOFTFAIL and SPF_FAIL, as long as the sender info >> is failing the SPF test. But if the sender passes the test >> and the From: address is from our domain, then there >> are no SPF tags appearing. >> >> The risk is that users don't look at the sender, only the From: >> field of their email, and this can potentially allow phishing. >> >> Has anyone encountered this issue and resolved it?
