On Thursday 04 February 2016 at 10:58:42, Reindl Harald wrote:
> Am 04.02.2016 um 10:55 schrieb Antony Stone:
> > On Thursday 04 February 2016 at 10:47:18, Chandran Manikandan wrote:
> >> 1. Our users received some spam emails which is showing our domain email
> >> account in From address.
> >
> > Nothing unusual in that - forged From addresses have been common for many
> > years.
>
> like the mail from you
>
> From: Antony Stone <antony.st...@spamassassin.open.source.it>
> To: users@spamassassin.apache.org
Um, that's not a forged From address. I own the domain source.it and
spamassassin.open.source.it is a valid subdomain of that.
> > Are you using DKIM / SPF for your domain? I mean, why do you accept
> > email apparently from your own domain when it does not come from one of
> > your authorised servers?
>
> because the From header has nothing to do with the envelope sender and
> so not with SPF and spoofing protections
True, but given that the original poster said nothing about the envelope
sender, we don't know what that is. I'd be prepared to bet that implementing
this would improve his server's operation, though.
Antony.
--
Most people are aware that the Universe is big.
- Paul Davies, Professor of Theoretical Physics
Please reply to the list;
please *don't* CC me.
