> What MIMEDefang puts in $sender is the _envelope_ sender, which you > did not specify in this email. The envelope sender need not be visible > in the header, but it usually is, either as Return-Path, in the (in > case of mbox format) "From " line, or in the Received: ... from ... > header.
Good point... > In the above case, I'm _guessing_ that the envelope sender is the same > as what is put in the "Sender:" header, so in that case, your check would > work fine. ...And Outlook is obviously looking at the header "Sender:". > Oh, there will be broken web forms somewhere that send email with > whatever someone will type in a form. It remains to be seen whether > those are "legitimate". I agree. For the broken ones, I can add in a provision to use my existing whitelisting code to exempt if needed. It's faster for me to do that than to get the site to fix their code. Thanks again. Ken _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
