On 7/19/2016 3:46 PM, Shawn Heisey wrote: > > I *thought* I had everything set up so it would check SPF records on any > message coming in from the Internet, but one of our executives received > a spam email that had another of our executives as the "From" address.
Are you talking about the From: header? That header is not protected by SPF; you'll need to find another way to detect spam with forged From: headers. Forged From: headers are a difficult problem to solve. For example, this message claims to be From me, but the actual sender is the postfix-users list. -- Noel Jones
