On 2/28/19 9:33 AM, Mike Marynowski wrote:
> I'm doing grabs the first available address in this order: reply-to, from, sender.
That sounds like it might be possible to game things by playing with the order.
I'm not sure what sorts of validations are applied to the Sender: header. (I don't remember if DMARC checks the Sender: header or not.)
How would your filter respond if the MAIL FROM: and the From: header were set to something that didn't have a website, yet had a Sender: header with <something>@gmail.com listed before the Reply-To: and From: headers?
-- Grant. . . . unix || die
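An added example, not code from this thread or from the filter under discussion: one way to make the selection depend on header name rather than on where a header physically sits in the message, while reporting any header whose domain disagrees with the chosen address. The function names, the `no-website.example` domain and the sample messages are constructed for illustration; only the reply-to, from, sender priority comes from the quoted text.

```python
from email import message_from_string
from email.utils import getaddresses

PRIORITY = ("Reply-To", "From", "Sender")  # order quoted in the thread


def first_address(msg, name):
    """Return the first parseable address in header `name`, or None."""
    for _display, addr in getaddresses(msg.get_all(name, [])):
        if "@" in addr:
            return addr.lower()
    return None


def domain(addr):
    return addr.rsplit("@", 1)[1]


def pick_address(raw):
    """Select by header *name* priority, never by position in the message."""
    msg = message_from_string(raw)
    found = {name: first_address(msg, name) for name in PRIORITY}
    source = next((n for n in PRIORITY if found[n]), None)
    chosen = found[source] if source else None
    # Headers whose domain disagrees with the chosen one are surfaced so a
    # policy layer can score or reject instead of silently trusting one.
    mismatched = [n for n in PRIORITY
                  if chosen and found[n] and domain(found[n]) != domain(chosen)]
    return {"source": source, "address": chosen, "mismatched": mismatched}


# Constructed samples: identical headers in a different physical order.
SENDER_FIRST = (
    "Sender: someone@gmail.com\n"
    "Reply-To: replies@no-website.example\n"
    "From: Alice <alice@no-website.example>\n"
    "Subject: test\n\nbody\n"
)
FROM_FIRST = (
    "From: Alice <alice@no-website.example>\n"
    "Reply-To: replies@no-website.example\n"
    "Sender: someone@gmail.com\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample where Sender is the only address-bearing header.
SENDER_ONLY = "Sender: someone@gmail.com\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    for sample in (SENDER_FIRST, FROM_FIRST, SENDER_ONLY):
        print(pick_address(sample))
```
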