On Mon, Nov 14, 2022 at 04:16:19PM +0100, wodel youchi wrote:
> Some of my users got emails pretending to be from the admin, but looking
> into the source of these emails, the From header was modified to mislead
> the users, but the return-path still holds the real sender email address.
>
> What is the best way to deal with this? Is it a good idea to match the From
> header with the Return-path, if yes how?
There is no requirement that the envelope sender match the "From:"
header, all the mail you receive via this list legitimately fails that
test.
--
Viktor.
