Hi,

>> If I wanted to use SPF in spamassassin to block spoofing attempts
>> against my domain, how would I do that?
>>
>> Can I create a meta that combines SPF_FAIL with the From header for my
>> domain to do this?
>
> This all sounds like:
>
> I (Alex) want to use SPF for incoming email, and score mail that fails
> SPF policy. But I (Alex) know for sure that my own SPF record is
> correct, so for messages that fail my own SPF record, I want a stricter
> policy (i.e. a higher score, or a plain reject).
>
> If this is what you mean, then a meta rule that combines your envelope
> sender domain with SPF_FAIL would be a correct solution.

Yes, that's exactly what I'm trying to do. Phishing attempts go to the
core of trust issues with upper-management.

> Or you could add something like below, which adds a penalty for *all*
> messages using your domain, and SPF saves the real ones.
>
> whitelist_from_spf: *@example.tld (your domain)
> header Return-Path =~ example.tld

That's great. I'll investigate.

Thanks again,
Alex
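
The two approaches discussed in this thread, written out as a SpamAssassin `local.cf` fragment. This is an added example and not part of the original messages; the `LOCAL_*` rule names and the scores are assumptions, and `example.tld` is the placeholder domain used in the thread.

```conf
# Added example, not from the thread. Rule names and scores are assumptions.
# SPF_FAIL is defined by Mail::SpamAssassin::Plugin::SPF, which must be loaded.
# SPF is evaluated against the envelope sender (MAIL FROM), not the From:
# header, so the domain match below uses the EnvelopeFrom pseudo-header.

# Sub-rule (double underscore = no score of its own): envelope sender is ours.
header   __LOCAL_ENV_MYDOM      EnvelopeFrom =~ /\@example\.tld>?\s*$/i

# Approach 1: stricter score only when our own SPF record says "fail".
meta     LOCAL_SPF_FAIL_MYDOM   (SPF_FAIL && __LOCAL_ENV_MYDOM)
describe LOCAL_SPF_FAIL_MYDOM   Envelope sender in example.tld fails our SPF policy
score    LOCAL_SPF_FAIL_MYDOM   5.0

# Approach 2: penalise every message whose envelope sender uses our domain,
# and let an SPF pass cancel the penalty for the genuine ones.
# Enable one approach or the other; with both active the penalties stack.
#
# meta     LOCAL_ENV_MYDOM      __LOCAL_ENV_MYDOM
# describe LOCAL_ENV_MYDOM      Envelope sender claims example.tld
# score    LOCAL_ENV_MYDOM      5.0
# whitelist_from_spf            *@example.tld
```

Run `spamassassin --lint` after editing to catch syntax errors. Neither approach scores a message that carries your domain only in the `From:` header with an unrelated envelope sender, because SPF never evaluates your record for that message.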