Hi
> I had a phishing mail skip my spf check. The spf check was done on
> the Return-Path and not the From:. Is a default convention? How does
> spamassassin treat a different Return-Path and From in a message?
You have to distinguish the 'envelope' of the email, the addresses
technically needed to transmit the email.
and
The 'content' of the email. That stuff you find on the letter head
after you 'open' the envelope.
Return-Path: is usually the envelope, so this is what the mailserver
sees and this is what is being checked against SPF.
The From: Header is part of the Email Content. And Mailserver don't
look at it. This is what content scanning software does, like
SpamAssassin.
So SpamAssassin could check the From: header address against SPF, but
that would probably not work in many many cases.
The remedy to fake content From: headers is that the owner of the From:
Domains uses DKIM to sign the From: header, that he has a DMARC policy
in place and that DKIM and DMARC are checked on the Recipient side.
So yes, unfortunately email has become quite 'complicated' and you have
to use alle of SPF, DMARC and DKIM to try to avoid abuse.
--
Mit freundlichen Grüssen
-Benoît Panizzon- @ HomeOffice und normal erreichbar
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web
http://www.imp.ch ______________________________________________________