On Mon, 2 Nov 2020 15:50:42 +0100 Matus UHLAR - fantomas wrote: > Hello, > > I am looking at mail received from pobox.sk (freemail currently > belongs to under centrum.sk). > > the mail came from centrum.sk servers, hitting: > FREEMAIL_FROM - okay > SPOOFED_FREEMAIL - why? > > I understand pobox.sk seems to have no SPF nor DKIM records, how does > SA check if it's spoofed? > does it implicitly assume that the mail is spoofed in this case?
It's looking for the absence of anything that suggests it's not spoofed. I presume it's based on an assumption that freemail addresses have, at least, SPF.
