Spf deals with the envelope sender not the from address. Beyond that it, you might find dkim to be a better solution to prevent others spoofing your domain. Regards, KAM
On February 12, 2015 11:17:38 AM EST, francis picabia <fpica...@gmail.com> wrote: >Our spamassassin 3.3.1 is marking email with tags like and >SPF_SOFTFAIL and SPF_FAIL, as long as the sender info >is failing the SPF test. But if the sender passes the test >and the From: address is from our domain, then there >are no SPF tags appearing. > >The risk is that users don't look at the sender, only the From: >field of their email, and this can potentially allow phishing. > >Has anyone encountered this issue and resolved it?
