Kelson wrote: > Bob Proulx wrote: > > I am trying to understand how SpamAssassin 3.0.0 is checking SPF on > > messages. It seems to be checking the Return-Path: address (envelope > > address) and not the From: address (header address). That's wrong, > > isn't it? Shouldn't it be checking the header address? Of course > > when I reply my mailer uses the header From: address to generate the > > response message. > > No, SPF is designed to check the envelope sender, not the address in the > header. > > In case you're wondering why, note the From: and Return-Path addresses > on this message. If SPF checked the From: address (@speed.net), it > wouldn't pass (mail.apache.org is not likely to be listed in the average > list member's SPF record)
Aha! Yes, that makes perfect sense. (Feeling sheepish that I did not see that clearly myself.) Thanks Bob
