[Rspamd-Users] Prevent sender address spoofing envelope/header FROM

Gerald Galster list+rspamd at gcore.biz
Fri Feb 9 18:55:55 UTC 2024


> I see your point in that the contact form is filled out by a customer and
> is thus the appropriate header from address. The envelope from address is

From my point of view the "author" is the contact form software, not the
customer. See it this way: you call a company and explain your problem.
The support agent opens a ticket and enters your request, including your
email address to keep you updated. In this case the support agent is the
author, respectively the contact form software.

In the long run you will attract spammers if you send emails/copies to
unverified addresses, even with captchas. Therefore, personally, I just
say thanks and that this request will be processed as soon as possible.

You provide a contact form so that others can contact you. A response
should originate from a legitimate address like "support at company.com",
not "noreply@". This way the contact form software can set legitimate
envelope/rfc5322 from addresses and eliminate all dmarc/dkim/spf problems.

[...]

> I don't see how I can make DMARC pass other than altering the header from
> address. Does the sender address field help in passing DMARC? What am I
> missing?

Just help your users to configure or choose a capable contact form software.

Best regards,
Gerald
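
The approach described in this message, sketched as an added example (not code from the post or from Rspamd): the form software is the author, so header From and envelope sender stay on the site's own domain. The addresses are constructed, putting the visitor's address in Reply-To is an assumption, and the two-label organizational domain is a simplification (real DMARC uses the Public Suffix List).

```python
import re
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

SITE_FROM = "support@company.example"           # assumption: address the site owns
ENVELOPE_FROM = "bounces@mail.company.example"  # assumption: SMTP MAIL FROM

# Conservative address check: no whitespace, brackets or separators allowed.
ADDR_RE = re.compile(r"[^@\s<>()\[\],;:\"\\]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def clean(value):
    """Collapse CR/LF and other whitespace so form input cannot add headers."""
    return " ".join(value.split())


def build_contact_mail(visitor_name, visitor_addr, subject, body, rcpt):
    """Compose the notification with the form software as the author."""
    if not ADDR_RE.fullmatch(visitor_addr):
        raise ValueError("unusable visitor address")
    msg = EmailMessage()
    msg["From"] = formataddr(("Contact form", SITE_FROM))
    msg["To"] = rcpt
    # The unverified visitor address only ever appears in Reply-To.
    msg["Reply-To"] = formataddr((clean(visitor_name), visitor_addr))
    msg["Subject"] = clean(subject)
    msg.set_content(body)
    return msg


def org_domain(addr):
    """Naive organizational domain: the last two labels of the address domain."""
    domain = parseaddr(addr)[1].rsplit("@", 1)[-1].lower()
    return ".".join(domain.split(".")[-2:])


def aligned(header_from, envelope_from):
    """Relaxed identifier alignment between header From and envelope sender.
    This checks alignment only; SPF or DKIM must still pass for that domain."""
    return org_domain(header_from) == org_domain(envelope_from)


if __name__ == "__main__":
    m = build_contact_mail("Alice Example", "alice@example.net",
                           "Order question", "Where is my parcel?", SITE_FROM)
    print(m["From"], "| Reply-To:", m["Reply-To"])
    print("form as author aligned:", aligned(str(m["From"]), ENVELOPE_FROM))
    print("visitor as author aligned:", aligned("alice@example.net", ENVELOPE_FROM))
```
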


