Added over 2 years ago
The standard use of SPF is described in
SPF only applies to the mail address given in the MAIL FROM: command in the SMTP session.
Quite a lot of spams/phishing are using spoofing techniques in other fields. You can extend your SPF checks to the fields Body-From and Reply-To.
These options can be enabled / disabled in
In those cases, if SPF gives an "hard fail", mails will be rejected at SMTP stage (that is to say that they wont go to quarantine)
These options can also be enable in
Configuration->Anti Spam->SpamC-> Enable SPF control (BodyFrom)
Configuration->Anti Spam->SpamC-> Enable SPF control (Reply-To)
In that case the mail may go to quarantine.
The rules associated to this are related to the SPF for the SMTP-From and the Body-From SPFs. The rules names correspond to the form
MC_SPF__<SPF result for Body-From
The rules are :
MC_SPF_OK_OK MC_SPF_OK_TILDE MC_SPF_OK_KO MC_SPF_OK_UNDEF MC_SPF_TILDE_OK MC_SPF_TILDE_TILDE MC_SPF_TILDE_KO MC_SPF_TILDE_UNDEF MC_SPF_KO_OK MC_SPF_KO_TILDE MC_SPF_KO_KO MC_SPF_KO_UNDEF MC_SPF_UNDEF_OK MC_SPF_UNDEF_TILDE MC_SPF_UNDEF_KO MC_SPF_UNDEF_UNDEF