Hi Nico,
If such traffic is required by someone traveling, another approach is to use
"Reply-to:" and for the sender to carefully identify themselves as
traveling, with reference to the company office and with clear "Cc:" set to
the sender's business email address. This avoids all the difficulties of
requiring the "FROM" line in the SMTP transaction to be mismatched with the
"From:" line of the sender's message.
Yes, I understand that, the problem is that the Mail Clients don't...*8(
And if the forger inserts the From: Header in the DATA part of the
message the Mail Client, incorrectly in my point of view, uses this one
making all SPF and stuff useless in this particular case. For the final
user it appears that he received an email from the forged address.
Best regards,
--
------------------------------------------------
Rodrigo Afonso
rafonso(_at_)rits(_dot_)org(_dot_)br
Gerente TI
RITS - Rede de Informações para o Terceiro Setor
------------------------------------------------
http://www.rits.org.br
Rua Guilhermina Guinle, 272/6º Andar
Rio de Janeiro/RJ - CEP: 22270-060
Tel: (21) 2527-5494 / Fax: (21) 2527-5460