The purpose of SPF is to REJECT messages before the data phase.  This cannot be 
done if you are checking the RFC-822 From: header since that requires accepting 
the message and invalidates the entire purpose of SPF.

I have never seen an SPF implementation that uses the RFC-822 header From.  
Doing so would be pointless.

> -----Original Message-----
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Grant Taylor via NANOG
> Sent: Wednesday, 29 March, 2017 09:26
> To: nanog@nanog.org
> Subject: Re: Microsoft O365 labels nanog potential fraud?
>
> On 03/29/2017 09:12 AM, William Herrin wrote:
> > Both SPF and DKIM are meant to be checked against the domain in the
> > envelope sender (SMTP protocol-level return address) which the NANOG list
> > sets to nanog-boun...@nanog.org. Checking against the message header "from"
> > address is an incorrect implementation which will break essentially all
> > mailing lists.
>
> That may be what the original intent was.
>
> Every SPF implementation I've seen has checked the SMTP envelope FROM
> address /and/ the RFC 822 From: header address.
>
> Granted, that does not mean that it's the correct behavior.
>
>
>
> --
> Grant. . . .
> unix || die
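
An added illustration of the point in the message above (not code from the thread or from any mail server): a receiver that evaluates SPF at MAIL FROM can refuse the message before DATA, when no From: header has been transmitted yet. The policies, addresses and function names are constructed, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample policies standing in for DNS TXT lookups (not real records).
SPF_TXT = {
    "lists.example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.com": "v=spf1 ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(client_ip, domain, records=SPF_TXT):
    """Evaluate only ip4 and all mechanisms; other mechanisms are skipped."""
    txt = records.get(domain.lower())
    if not txt or not txt.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in txt.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched

def smtp_dialogue(client_ip, commands, records=SPF_TXT):
    """Return (command, reply) pairs for a session; stop at the first 5xx reply."""
    log = []
    for cmd in commands:
        verb = cmd.upper()
        if verb.startswith("MAIL FROM:"):
            # Only the envelope sender is known here; no headers have been sent yet.
            addr = cmd.split(":", 1)[1].strip().strip("<>")
            domain = addr.rpartition("@")[2]
            result = spf_result(client_ip, domain, records)
            reply = ("550 5.7.23 SPF validation failed" if result == "fail"
                     else f"250 OK (spf={result})")
        elif verb == "DATA":
            reply = "354 Send message"  # the From: header would first appear after this
        else:
            reply = "250 OK"
        log.append((cmd, reply))
        if reply.startswith("5"):
            break
    return log
```
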



