jpinkerton wrote:
Interesting take on spoofing :-) I was always under the impression that
spoofing meant falisfying the reply-to address so that when a user clicks
"reply to" in MSOE the mail is sent to the reply-to address falsely chosen
by the sender. Tech-aware users might well be able to see through the
falisfied reply-to, but 90% of users won't, and those are the guys we're
trying to protect, I thought?
Not with SPF. Sender-ID and possible Unified SPF might target the From: header
but I don't think any of them target the Reply-To: header.
What do you suppose a "legitimate" use of the "Reply-To:" header would be, and
why is it not spoofing?
Paul.