On Wed, 14 Oct 2015, Dave Wreski wrote:

Hi,

On 10/14/2015 06:08 PM, Dianne Skoll wrote:
On Wed, 14 Oct 2015 17:51:23 -0400
Alex <mysqlstud...@gmail.com> wrote:

I'd like to make sure incoming mail that appears to be "From:" one of
our internal users has indeed gone through one of the systems
specified in the SPF record, resulting in an SPF_PASS.

Can't be done.  SPF looks at the envelope sender (what end-users know
as the Return-Path:) and not at all at the From: header.

Yes, I realize SPF is only concerned with the envelope-sender. I was thinking it would be possible to somehow correlate the SPF_PASS with a rule that analyzes the From: header and use that to compare?

Thanks,
Alex

The problem with that approach is that the phish spammer can create a
valid SPF record for a domain they control, put that in the envelope
from, and your domain in the header "From:"

Thus you'll have a message that passes SPF for the env-from but still
has a deceptive header "From:"

DKIM is the way to go as Dianne says, then you know you can trust
the contents of the header "From:" (assuming you've checked to make sure
that the DKIM sig came from your system).

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
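The check discussed in this thread, as an added example that is not part of the original messages: mail whose header "From:" claims our domain is accepted as genuine only when a DKIM signature from our own domain verified, and an SPF pass is not consulted because it vouches only for the envelope sender. It assumes the receiving MX records its SPF and DKIM results in an Authentication-Results header; the domain `example.edu`, the authserv-id `mx.example.edu` and both sample messages are constructed for illustration.

```python
import email
from email.utils import parseaddr

OUR_DOMAIN = "example.edu"           # assumption: the domain being protected
TRUSTED_AUTHSERV = "mx.example.edu"  # assumption: authserv-id our own MX stamps

def auth_results(msg):
    """Map method -> [(result, domain)] from our MX's Authentication-Results."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        fields = value.split(";")
        if fields[0].strip().lower() != TRUSTED_AUTHSERV:
            continue                      # header not written by us: ignore it
        for clause in fields[1:]:
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            ident = props.get("header.d") or props.get("smtp.mailfrom", "")
            found.setdefault(method, []).append((result, ident.rsplit("@", 1)[-1].lower()))
    return found

def classify(raw):
    """Verdict for one message: 'not-ours', 'verified' or 'spoofed-from'."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if from_domain != OUR_DOMAIN:
        return "not-ours"
    # An SPF pass vouches only for the envelope sender, so it is not consulted.
    if ("pass", OUR_DOMAIN) in auth_results(msg).get("dkim", []):
        return "verified"
    return "spoofed-from"

# Constructed sample: SPF passes for the sender's own domain, From: claims ours.
PHISH = ("Return-Path: <bounce@mailer.example.net>\n"
         "Authentication-Results: mx.example.edu;"
         " spf=pass smtp.mailfrom=bounce@mailer.example.net\n"
         'From: "IT Helpdesk" <helpdesk@example.edu>\n'
         "Subject: password expiry\n\nbody\n")
# Constructed sample: genuine internal mail signed by our own system.
GENUINE = ("Authentication-Results: mx.example.edu;"
           " spf=pass smtp.mailfrom=alice@example.edu;"
           " dkim=pass header.d=example.edu\n"
           "From: Alice <alice@example.edu>\nSubject: minutes\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(name, classify(raw))
```

Authentication-Results headers carrying any other authserv-id are ignored, so a sender cannot vouch for itself by pre-inserting one.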
