Re: different Return-Path: and From:
For future reference if you want to start a new thread, compose a new email to the list address. Don't reply to a random post and replace the subject and body. Traditional threading is based on headers, and isn't affected by changing the subject. On Fri, 30 Oct 2020 16:02:52 +0100 Marc Roos wrote: > > I had a phishing mail skip my spf check. The spf check was done on > the Return-Path and not the From:. Is a default convention? It's not a convention, it's part of the original specification and now the RFC. SPF runs against the envelope sender, with the helo hostname as a secondary check. SPF_PASS has only a nominal score, with SPF whitelisting you are whitelisting the envelope address, so it doesn't matter hugely. > How does > spamassassin treat a different Return-Path and From in a message? There are some meta rules that involve a comparison.
Re: different Return-Path: and From:
Hi > I had a phishing mail skip my spf check. The spf check was done on > the Return-Path and not the From:. Is a default convention? How does > spamassassin treat a different Return-Path and From in a message? You have to distinguish the 'envelope' of the email, the addresses technically needed to transmit the email. and The 'content' of the email. That stuff you find on the letter head after you 'open' the envelope. Return-Path: is usually the envelope, so this is what the mailserver sees and this is what is being checked against SPF. The From: Header is part of the Email Content. And Mailserver don't look at it. This is what content scanning software does, like SpamAssassin. So SpamAssassin could check the From: header address against SPF, but that would probably not work in many many cases. The remedy to fake content From: headers is that the owner of the From: Domains uses DKIM to sign the From: header, that he has a DMARC policy in place and that DKIM and DMARC are checked on the Recipient side. So yes, unfortunately email has become quite 'complicated' and you have to use alle of SPF, DMARC and DKIM to try to avoid abuse. -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __
RE: different Return-Path: and From:
> so you want your own messages blocked everywhere? I do not know yet. I can assume this different on something like a mailing list. It is irritating that the From has a credible name, in this case from a bank.