On 10/04/2014 04:08 AM, David F. Skoll wrote:
Also, in this particular case, the Return-Path:
<americanexpr...@welcome.aexp.com> header was fake... it was put
there by the sender. The actual envelope sender was completely
different: It was<41324...@mail.com>. So it occurs to me that if
a mail comes in with a Return-Path: header that does not match
the envelope sender, that's another very suspicious sign.
I've seen some incredibly creative web/erp apps do this.
For a wider user base I wouldn't risk such a check... for my home
server, definitely.
