On 03/06/17 15:22, David Jones wrote:
From: Marc Perkel <supp...@junkemailfilter.com>
Sent: Monday, March 6, 2017 11:05 AM
To: users@spamassassin.apache.org
Subject: Re: New whitelisting trick using from and spf
do you mean the header From: address?
because anyone doing SPF does spf checks does what you describe on the
envelope from: address.
Yes - I'm using the headers From: address.
Not good. SPF should be checked against the envelope-from
address which is more trustworthy. The From: header can be
spoofed trivially with no validation/authentication if DMARC is
not enabled. Most email is not enabled for actual DMARC checking.
Most have SPF enabled. Some have DKIM enabled. But DMARC
can go one step further to check the From: header and most don't
do it unless they are a major target of spoofing like Paypal, eBay,
etc.
Dave
Yes - I'm doing something different - and possibly more effective. And
it's working really well. Those who spoof would fail the test and not
get white listed. The fact that From is easier to spoof makes it more
effective - not less.
So if the from is @paypal.com and the sending host is not SPF compatible
then it doesn't get white listed. Seems to be working very well.
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
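
The rule discussed in this thread, sketched as an added example that is not code from any poster or from SpamAssassin: whitelist only when the connecting host passes SPF for the header From: domain, shown next to the result for the envelope-from domain. The domains, SPF records and function names are constructed for illustration, DNS is replaced by an inline table, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress
from email.utils import parseaddr

# Constructed SPF records (documentation address ranges) standing in for DNS TXT lookups.
SPF_RECORDS = {
    "paypal.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulkmailer.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(domain, client_ip):
    """Evaluate a domain's SPF record for client_ip (ip4/ip6/all mechanisms only)."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched

def header_from_domain(from_header):
    """Extract the domain of the address in a From: header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def whitelist_by_header_from(from_header, client_ip):
    """Whitelist only if the connecting host passes SPF for the From: domain."""
    domain = header_from_domain(from_header)
    return bool(domain) and spf_result(domain, client_ip) == "pass"

if __name__ == "__main__":
    # Constructed message: From: claims paypal.example, sent via a bulk mailer's host.
    hdr_from = '"PayPal" <service@paypal.example>'
    env_from_domain = "bulkmailer.example"
    for ip in ("192.0.2.25", "198.51.100.7"):
        print(ip,
              "envelope SPF:", spf_result(env_from_domain, ip),
              "| header-From SPF:", spf_result(header_from_domain(hdr_from), ip),
              "| whitelisted:", whitelist_by_header_from(hdr_from, ip))
```
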