On Thu, 2015-02-12 at 15:07 -0400, francis picabia wrote: > SPF works as designed. Forget SPF. > Quite: the only real use for SPF is to prevent you inadvertently spraying innocent people with backscatter. If the sender has been forged by a spammer and your MTA can't deliver it (usually because the spammer used an unrecognised recipient name) then an SPF check will show that the sending IP is wrong and your MTA can drop the message in the bit bucket rather than sending a reject message to the owner of the forged sender address.
> Let's say you want to introduce a spamassassin tag on any > email where the From: line contains exactly "@example.com" > > I've read the page spamassassinConf.html and it is isn't clear > to me what envelope_sender_header does. What would happen > if it was set to "From"? > Its not what it does so much as who created it. Since its added by the sending MTA its a bit harder to forge, especially by kiddies trying to send spam via some social website. The From: header set up by the MUA means nothing since anybody or anything could have put what they like in it or even omitted it entirely. If you run a mail archive, you can consider using that as a whitelist: only whitelist addresses which your archive says you've previously sent mail to. Martin
