Hi

> I had a phishing mail skip my SPF check. The SPF check was done on
> the Return-Path and not the From:. Is that a default convention? How does
> SpamAssassin treat a different Return-Path and From in a message?
You have to distinguish the 'envelope' of the email, the addresses technically needed to transmit the email, from the 'content' of the email, the stuff you find on the letterhead after you 'open' the envelope.

Return-Path: is usually the envelope, so this is what the mail server sees and this is what is checked against SPF.

The From: header is part of the email content, and mail servers don't look at it. That is what content scanning software like SpamAssassin does. So SpamAssassin could check the From: header address against SPF, but that would probably not work in many, many cases.

The remedy to faked content From: headers is that the owner of the From: domain uses DKIM to sign the From: header, that he has a DMARC policy in place, and that DKIM and DMARC are checked on the recipient side.

So yes, unfortunately email has become quite 'complicated' and you have to use all of SPF, DMARC and DKIM to try to avoid abuse.

--
Kind regards
-Benoît Panizzon-
@ home office and normally reachable

--
I m p r o W a r e   A G  -  Head of Commerce Customers
______________________________________________________
Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________
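The envelope/header split described in the reply is exactly what DMARC's "identifier alignment" checks on the receiving side: an SPF pass on the Return-Path domain only counts for DMARC if that domain aligns with the From: header domain. The following Python example is added here and is not from the original thread; it parses two constructed sample messages (one with a forged From:, one aligned), reads the SPF verdict from an Authentication-Results header that an upstream MTA is assumed to have added, and applies DMARC-style relaxed or strict alignment. The organizational-domain helper is a deliberate simplification (last two labels) rather than the Public Suffix List lookup real DMARC implementations use.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF passes for the envelope sender (Return-Path) at a
# domain the sender controls, but the From: header is forged. This is the
# situation the question describes.
FORGED_FROM_MAIL = """Return-Path: <bounce@mailer.example.net>
Received: from mx.example.net (mx.example.net [192.0.2.10]) by mx.example.org
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce@mailer.example.net
From: "Your Bank" <alerts@bank.example.com>
To: victim@example.org
Subject: Account notice

Please review your account.
"""

# Constructed sample: envelope sender is a subdomain of the From: domain, so
# relaxed alignment holds while strict alignment does not.
ALIGNED_MAIL = """Return-Path: <bounce@mail.bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce@mail.bank.example.com
From: "Your Bank" <alerts@bank.example.com>
To: customer@example.org
Subject: Monthly statement

Your statement is ready.
"""


def domain_of(addr):
    """Lower-cased domain part of an address-like header value, '' if absent."""
    _, address = parseaddr(addr)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def envelope_and_header_domains(raw):
    """Return (Return-Path domain, From: domain) for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    return domain_of(msg.get("Return-Path", "")), domain_of(msg.get("From", ""))


def spf_result(raw):
    """SPF verdict recorded by the receiving MTA in Authentication-Results.

    Assumption: the verdict is trusted only because this example treats the
    header as written by our own MTA; in production, strip any
    Authentication-Results headers that arrive from outside first.
    """
    msg = message_from_string(raw)
    match = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return match.group(1).lower() if match else "none"


def org_domain(domain):
    """Simplified organizational domain: the last two labels.

    Real DMARC uses the Public Suffix List; this shortcut is an assumption
    that is good enough for the sample domains used here.
    """
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def spf_aligned(raw, mode="relaxed"):
    """DMARC identifier alignment between Return-Path and From: domains."""
    env, hdr = envelope_and_header_domains(raw)
    if not env or not hdr:
        return False
    if mode == "strict":
        return env == hdr
    return org_domain(env) == org_domain(hdr)


def dmarc_spf_pass(raw, mode="relaxed"):
    """SPF contributes a DMARC pass only if it passed AND the domains align."""
    return spf_result(raw) == "pass" and spf_aligned(raw, mode)


if __name__ == "__main__":
    for name, raw in (("forged From:", FORGED_FROM_MAIL), ("aligned", ALIGNED_MAIL)):
        env, hdr = envelope_and_header_domains(raw)
        print(f"{name}: Return-Path={env} From={hdr} spf={spf_result(raw)} "
              f"relaxed_aligned={spf_aligned(raw)} dmarc_spf_pass={dmarc_spf_pass(raw)}")
```

Running it shows the point of the reply: the forged message gets `spf=pass` because the check is made on the envelope domain, yet `dmarc_spf_pass` is False because that domain does not align with the From: header. Only DKIM signing by the From: domain's owner plus a published DMARC policy lets the receiver reject or quarantine such a message.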