>From: Marc Perkel <supp...@junkemailfilter.com>
>Sent: Monday, March 6, 2017 11:05 AM
>To: users@spamassassin.apache.org
>Subject: Re: New whitelisting trick using from and spf

>> do you mean the header From: address?
>>
>> because anyone doing SPF does spf checks does what you describe on the
>> envelope from: address.

>Yes - I'm using the headers From: address.

Not good.  SPF should be checked against the envelope-from
address which is more trustworthy.  The From: header can be
spoofed trivially with no validation/authentication if DMARC is
not enabled.  Most email is not enabled for actual DMARC checking.
Most have SPF enabled.  Some have DKIM enabled.  But DMARC
can go one step further to check the From: header and most don't
do it unless they are a major target of spoofing like PayPal, eBay,
etc.

Dave
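
Added example (not part of this message, and not SpamAssassin code): a Python sketch of the point above, comparing a whitelist rule that trusts the From: header whenever SPF passed with one that also requires the SPF-checked envelope-from domain to match the From: header domain. The function names, the placeholder domains and the SPF result being passed in as a string are assumptions; only strict (exact) domain matching is shown.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Lowercased domain of an address, or '' (e.g. for the null sender <>)."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def naive_whitelist(spf_result, raw_message, whitelist):
    """The risky rule: trust the From: header whenever SPF passed for anything."""
    msg = message_from_string(raw_message)
    return spf_result == "pass" and domain_of(msg.get("From", "")) in whitelist

def whitelist_decision(envelope_from, spf_result, raw_message, whitelist):
    """Whitelist only when the SPF-checked domain is the From: header domain.
    Strict match only; DMARC relaxed alignment needs the Public Suffix List."""
    froms = message_from_string(raw_message).get_all("From") or []
    if len(froms) != 1:
        return "bad-from"          # missing or duplicated From: header
    header_domain = domain_of(froms[0])
    if header_domain not in whitelist:
        return "not-listed"
    if spf_result != "pass":
        return "spf-not-pass"
    if domain_of(envelope_from) != header_domain:
        return "unaligned"         # SPF vouched for some other domain
    return "whitelist"

# Constructed sample data; all domains are placeholders.
WHITELIST = {"bank.example"}
SPOOFED = "From: Bank <alerts@bank.example>\nSubject: notice\n\nbody\n"
LEGIT = "From: Bank <alerts@bank.example>\nSubject: statement\n\nbody\n"

if __name__ == "__main__":
    # The spoofed message arrives with an envelope sender whose own SPF passes.
    print(naive_whitelist("pass", SPOOFED, WHITELIST))
    print(whitelist_decision("bounce@bulk.example", "pass", SPOOFED, WHITELIST))
    print(whitelist_decision("alerts@bank.example", "pass", LEGIT, WHITELIST))
```
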
