Both methods check the from envelope (return path) not the from header.


ChrisP.

On 25/03/2017 9:44 a.m., surgemailHIDDEN@etwinsite.com wrote:
> True, but...
>
> I Believe this checks from and not the received from so it is easy to catch email with a forged from, yes?
>
> Sent from my iPhone
>
>> On Mar 24, 2017, at 2:48 PM, surgemail-support <surgemailHIDDEN@t@netwinsite.com> wrote:
>>
>> Yes.
>>
>> Spf should normally be used instead of this unless the domain doesn't support it.
>>
>>     ChrisP.
>>
>>
>>
>>> On 24/03/2017 3:13 p.m., Paul M. Beck wrote:
>>> Can I specify more that one host for a from domain
>>>
>>> ie: HIDDEN@il.com   -   *hotmail.com,*outlook.com,etc
>>>
>>
>