Op maandag 06 februari 2012 23:24:45 schreef Pascal Terjan: [...] > There is no need to "hack" an email account to use an address as From. > This email was sent with the From field containing an email address > which is subscribed to the list so it would be accepted even if anyone > else had sent it.
but, isn't the envelope-from address used? i didn't see it in the email headers? and i did see DKIM, so i would guess it can be used to verify it? also, you should check SPF and From-header based SPF too, the new DMARC policy also takes care of that, it seems...
