On Fri, Mar 30, 2018 at 08:38:34AM +0200, Lorenzo Petracchi wrote:
> In the last few weeks our e-mail users are receiving many messages with
> their own address as From header.
>
> I understand that there are many legitimate reasons why the From header is
> free but I would like to understand if it is possible and if it makes sense
> to reject incoming mail that contains addresses in the form
> al...@mydomain.it in the header field when the sender is not one of our SASL
> authenticated SMTP senders or when they are but do not own that address.
>
> Lorenzo

This is basically what SPF is good for. I set up my mail server to reject SPF failures on domains that I control, since I know that my servers are the only ones authorized to send mail from those domains. I used to get quite a bit of From: fakename@my.domain spam, and SPF enforcement put a quick end to that.

--Sean
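
An added example, not part of the original thread: a Python sketch of the two checks discussed above, written as a policy decision an MTA could apply at SMTP time. SPF (RFC 7208) is evaluated against the envelope sender, so the header From rule from the question is modelled as a separate, optional check. The domain, the SASL ownership map and all function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions (constructed): domains only our servers send for, and which
# addresses each SASL login is allowed to use.
LOCAL_DOMAINS = {"mydomain.example"}
SASL_OWNED = {"alice": {"alice@mydomain.example"}}


def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def decide(mail_from, header_from, spf_result, sasl_user=None,
           strict_header_from=False):
    """Return (verdict, reason) for one inbound message.

    mail_from   -- envelope sender (SMTP MAIL FROM), the identity SPF checks
    header_from -- raw From: header value
    spf_result  -- SPF result for mail_from: 'pass', 'fail', 'none', ...
    sasl_user   -- SASL login name, or None for unauthenticated clients
    """
    env_addr = mail_from.lower()
    hdr_addr = parseaddr(header_from)[1].lower()

    if sasl_user is not None:
        # Authenticated: local addresses must belong to this login.
        owned = SASL_OWNED.get(sasl_user, set())
        for addr in (env_addr, hdr_addr):
            if domain_of(addr) in LOCAL_DOMAINS and addr not in owned:
                return ("reject", f"{sasl_user} does not own {addr}")
        return ("accept", "authenticated sender owns the address")

    # Unauthenticated: enforce SPF failures only on domains we control.
    if domain_of(env_addr) in LOCAL_DOMAINS and spf_result == "fail":
        return ("reject", "SPF fail for a local envelope sender")

    # SPF never looks at the From: header, so a foreign envelope sender with
    # a local header From gets past the check above. Rejecting it also hits
    # legitimate uses such as mailing lists, hence the opt-in flag.
    if strict_header_from and domain_of(hdr_addr) in LOCAL_DOMAINS:
        return ("reject", "local header From without authentication")

    return ("accept", "no local policy violated")
```
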