On Wed, 7 Feb 2007, Randy Pearson wrote: > On Wednesday 07 February 2007 14:25, Jason R. Mastaler wrote: > > How is it anymore of a spam hole than a spammer forging the "From:" > > address? > > I use SPF on my domains to detect and prevent "From:" address spoofing. SPF > is not designed to analyze "Reply-To" addresses however. > > I have had a few pieces of spam slip through my filters over the past couple > of years exactly because of this loophole.
It's up to several times a day on my Wife's account. (just recently) The test I did just after Jason's post would indicate that there is no difference. :-( I too use SPF but it looks like it only addresses the from address in the envelope not the "From:" header. So my question might be, since From: & Reply-To: are so trivialy forged why do we trust it? Isn't that the whole idea of using the envelope-from the MTA provides? -- Tim Rice Multitalents (707) 887-1469 [EMAIL PROTECTED] _________________________________________________ tmda-workers mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-workers
