Email protected with SPF but received valid signature from other IP anyway

email spf dkim postfix phishing

As defined in RFC 7208, 1.1.3, SPF is not tested against the RFC 5322 From header, but against the envelope sender i.e. the address in RFC 5321 MAIL FROM command.

from=<[email protected]>

Therefore, rec15.appleandroidemail.mx is the domain of the envelope sender, and this hostname doesn't have an SPF record.

You'd need an additional DMARC policy to enforce alignment between the MAIL FROM and the envelope sender.

Related

fail2ban: multiline "failregex" not working
How do I properly configure SSL on the backend between nginx and an app?
Compiling and building Linux packages for multiple distributions / platforms
Recursively delete empty folders with verbose output
How long will items be kept in an In-Place Archive with Microsoft's Default MDM Policy?
Cannot log into my RADIUS protected wireless connection. Here's the LOG contents
schtasks.exe adding repeat every 10 min when not desired
Fancy colored rendering issue on osx 10.8 retina with iTerm
What can cause the system to freeze in a way where even the reset button takes a long time to react?
Get irssi to beep on new message in tmux session
Read non-blocking from multiple fifos in parallel
Is it possible to boot from internet?