On 15.10.16 20:13, Petr Bena wrote:
> One of solutions that I proposed is an optional SA plugin that would
> treat the email found in "From:" header as envelope sender and check
> against that, raising the score or doing something if it failed.
A sending mail on behalf of B does not automatically imply illegitimate
mail. There are whole businesses based on this (which DMARC acknowledges
by the way).
> you deemed this solution evil and something what should never be done
> on any mail server, even if that mail server was used only by people
> who don't care about mailing lists at all.
That is not even close to what I wrote. Please read my message again,
and don't misrepresent my comments in a sensationalist fashion. We're
not having the U.S. presidential elections here. ;-)
> So is there actually any other solution? That is what I am looking for,
> and that is why I started this thread.
Detection of sender domain spoofing is possible, to a degree, but I
don't see how outright prevention would be possible.