On Fri, 3 May 2019 06:55:40 -0700 (MST) user321 wrote:

> Any reason why SA is checking for SPF against envelope from not the
> header from?
Because that's how SPF works.

> I am rejecting the SPF_FAIL e-mails on Postfix (-all only), but still
> spammers can forge the header from field.
> Can I change SPF plugin to work with header from? If yes how?
> What are the pros and cons of that?

Generally you don't want to be enforcing a modified standard that no one else knows about. DMARC solves the problem by requiring that for a DMARC pass from SPF the envelope address has to be aligned with the from header address.
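The alignment requirement described in the reply above, as an added Python example that is not part of the original message and is not SpamAssassin's or any DMARC library's code. The function names, the small PUBLIC_SUFFIXES set (a stand-in for the real Public Suffix List) and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; a real checker loads the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def domain_of(address):
    """Return the lowercased domain of an envelope address or From header value."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain

def spf_aligned(mail_from, header_from, mode="r"):
    """DMARC identifier alignment for SPF: 'r' is relaxed, 's' is strict."""
    env, hdr = domain_of(mail_from), domain_of(header_from)
    if not env or not hdr:
        return False
    if mode == "s":
        return env == hdr
    return org_domain(env) == org_domain(hdr)

def dmarc_spf_pass(spf_result, mail_from, header_from, mode="r"):
    """SPF counts toward a DMARC pass only if SPF passed AND the domains align."""
    return spf_result == "pass" and spf_aligned(mail_from, header_from, mode)

# Constructed samples: (SPF result, envelope MAIL FROM, From header)
SAMPLES = [
    ("pass", "bounce@mail.example.com", "Example <news@example.com>"),
    ("pass", "x@spammer.net", "Your Bank <support@example.com>"),  # forged header
    ("fail", "news@example.com", "news@example.com"),
]

if __name__ == "__main__":
    for spf, env, hdr in SAMPLES:
        print(f"spf={spf} env={env} from={hdr!r} -> {dmarc_spf_pass(spf, env, hdr)}")
```

The second sample is the case from the question: SPF passes for the sender's own envelope domain, but the forged From header domain does not align with it, so SPF gives no DMARC pass.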