Diego 'Flameeyes' Pettenò wrote: > On Wednesday 08 November 2006 21:01, Kurt Lieber wrote: > >> So, in other words, spammers aren't abusing anything related to SPF. >> They're sending mail using forged return-paths and SPF is highlighting >> that. Which is exactly what SPF is designed to do. >> > If I were to send my gentoo mail through a mail.flameeyes.is-a-geek.org, with > its own SPF record, (I'm not as this is not a "real" domain I have access to, > nor a mailserver for what it's worth), with a From: [EMAIL PROTECTED] and > a Sender: [EMAIL PROTECTED], would it be a PASS or a FAIL in > SPF? > > It doesn't matter what From, Sender or whatever else in the message header. The part that counts is the Return-Path (the "mail from:" part of the SMTP protocol).
Of course, MUAs such as Thunderbird don't give you the possibility to set that and it will be the same as your From address. A SPF-capable MTA will PASS your message to the recipient. However, SA will add 1.1 to the message spam score because of the SPF_NEUTRAL test.
signature.asc
Description: OpenPGP digital signature
