>From: Wietse Venema <wie...@porcupine.org> >To: Postfix users <postfix-users@postfix.org> >Sent: Sunday, December 18, 2011 5:40 PM >Subject: Re: Best Practice for (not)allowing "spoofed" MAIL FROM addresses > >Steve Fatula: >> Have not seen a discussion of this lately, I'd like to hear pros >> of disallowing said spoofing. It appears it's "allowed" in the >> SMTP "standard". So, are there reasons to not allow it? > >You mean, forbid mailing list postings (like yours), because they >arrive from outside, but have a sender address inside the network? > > Wietse > >No, speaking of sending email. So, a postfix system where I might have a user >st...@domain.com, yet, send mail as this yahoo address, both envelope and >sender. I am not speaking of blocking or checking incoming mail, talking about >essentially things like reject_sender_login_mismatch et al. While I understand >the intent of preventing this when used by spammers, I can also understand >that sometimes, it may be valid to change the mail from.
So, in general, what I am asking is what is the currently accepted best practice (if any)? I see spf as the tool to detect it, not my question. I am asking if mail systems could allow it, yet, be good netcitizens.
