[Rspamd-Users] Prevent sender address spoofing envelope/header FROM

Taco de Wolff tacodewolff at gmail.com
Mon Jan 22 15:50:03 UTC 2024 

My DMARC settings for those domains specify explicitly that a failing DMARC
should go to spam:

_dmarc.mailserver 86400 TXT v=DMARC1; p=quarantine; pct=100; fo=1;
ruf=mailto:admin at mailserver; rua=mailto:admin at mailserver

DMARC checks for alignment of the header FROM address (more information
here: https://www.mailhardener.com/kb/dmarc). Surely this only happens for
DMARC capable destinations, but it is what I want to happen: mails that
fail SPF, DKIM, or DMARC checks should be rejected or sent to spam.

> Would it not be better to address the problem at its source?

That's what I'm trying to achieve. Right now Postfix+Rspamd are happy to
send out mail that fails DMARC which is subsequently sent to spam
(hopefully) at the destination. I want to prevent sending them out in the
first place. What other source could this be addressed at? It might be
possible restricting this in Postfix itself, but since the DKIM check is
happening in the Rspamd milter I believe it would be appropriate to check
the DMARC there as well. SPF is not required as it is guaranteed to come
from the local host (the only permitted sender). Happy to hear an
alternative though!

Kind regards,
Taco de Wolff


On Mon, Jan 22, 2024 at 12:29 PM G.W. Haywood <rspamd at jubileegroup.co.uk>
wrote:
>
> Hi there,
>
> On Mon, 22 Jan 2024, Taco de Wolff wrote:
>
> > ...
> > While SPF verifies the envelope FROM address, and DKIM signs the
message,
> > it is DMARC that enforces the header FROM address which makes it sent to
> > spam at the destination server. ...
>
> How do you know that?  That's certainly not how the filters work here.
>
> Are you saying that you know how the spam filtering works on all the
> servers which receive mail from yours?
>
> > ... what if we enable it so that it verifies DMARC locally before
> > sending out. ...
>
> Would it not be better to address the problem at its source?
>
> --
>
> 73,
> Ged.
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users

More information about the Users mailing list