Menu
▾
▴
[Assp-user] SPF is useless this days (MAIL FROM not From)
|
From: <kr...@gm...> - 2012-12-07 19:51:11
|
I've been testing spf and I must say it is useless because it only validates MAIL FROM not From header. Spamer only has to use domain that does not publish spf in its MAIL FROM (or use own domain where he did publish spf) and he can put anything in From header. And I see they do this a lot. How about changing SPF in assp to match not only to MAIL FROM but also to From header? Another usefull option would be to force rewrite on MAIL FROM to From header (thus replacing original header). 1) I know that it is against some rfc 2) I know dkim can do validate From header, but there are not many domains with dkim dns records. |