[Rspamd-Users] Prevent sender address spoofing envelope/header FROM

G.W. Haywood rspamd at jubileegroup.co.uk
Mon Jan 22 16:17:07 UTC 2024


Hi there,

On Mon, 22 Jan 2024, Taco de Wolff wrote:

> My DMARC settings for those domains specify explicitly that a failing DMARC
> should go to spam:
>
> _dmarc.mailserver 86400 TXT v=DMARC1; p=quarantine; pct=100; fo=1;
> ruf=mailto:admin at mailserver; rua=mailto:admin at mailserver

That's just what you have in the DNS.  It doesn't mean that recipients
will all slavishly follow your suggestions.  Incidentally for things
like this it's far better not to hide the real content.

> DMARC checks for alignment of the header FROM address (more information
> here: https://www.mailhardener.com/kb/dmarc). Surely this only happens for
> DMARC capable destinations, but it is what I want to happen: mails that
> fail SPF, DKIM, or DMARC checks should be rejected or sent to spam.

The trouble is that if everybody invents his own version of what the
specifications say, "severe interoperability problems" may ensue:

https://datatracker.ietf.org/doc/html/rfc4871#section-6.3

>> Would it not be better to address the problem at its source?
>
> That's what I'm trying to achieve. Right now Postfix+Rspamd are happy to
> send out mail that fails DMARC which is subsequently sent to spam
> (hopefully) at the destination. I want to prevent sending them out in the
> first place. What other source could this be addressed at? ...

I was thinking of addressing the problem before it reached the Postfix
instance on your server.

-- 

73,
Ged.


More information about the Users mailing list