[Rspamd-Users] Prevent sender address spoofing envelope/header FROM

Gerald Galster list+rspamd at gcore.biz
Mon Feb 12 15:18:25 UTC 2024


> Not sure what you mean with a legitimate address though. I can create a
> legitimate address such as noreply@ that only allows sending and not
> receiving (and comply with spf/dkim/dmarc). I mean, it's a computer that is
> sending the email, not a human that will check the inbox (much like the
> emails generated by cron). Right?

Technically noreply@ is a valid address but as the name implies it's a dead
end, nobody will read that mail. From a customer service point of view it's
better to send with a real address like support at company.com, that makes it
easy for the customer to reach out or follow up. There are many companies
that send mails/newsletters with noreply@ to get their message over. They
take their customers' money but don't want to be bothered and make it hard
to reach out. I don't like that approach, but that's a personal preference.

> I fully agree that helping to configure the software correctly is the first
> step. However, I can only do so much as they can individually install other
> WordPress plugins that override the defaults. Since clients will make it my
> problem anyways, I was hoping to either reject sending (so to inform the
> user quickly and to reduce sending invalid mail to keep up my IP
> reputation) or correct it for them (change the header from address to
> comply with spf).

Typically the volume of such mails is low so that it won't harm your ip
reputation and I don't know of any companies that strictly enforce the
alignment of envelope/header from. Lots of shops are still sending with
"www-data@".

Just some ideas:

- monitor logs (maillog, phpmail.log)
- log additional info with postfix, e.g. header_checks: /^From:/  INFO
- write a postfix milter
- write a wrapper for /usr/sbin/sendmail that filters mails before submission
- enforce a custom php(-fpm) config (https://www.php.net/manual/en/mail.configuration.php)
- write a lua rule in rspamd that compares envelope/header from

Best regards,
Gerald


More information about the Users mailing list