Print Page | Close Window

Mail from / Envelope-From

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 16 July 2018 at 4:54am

Topic: Mail from / Envelope-From
Posted By: craigeb78
Subject: Mail from / Envelope-From
Date Posted: 19 January 2007 at 2:13pm

I have added an entry to my mail-from Blacklist, and noticed emails still getting through.   While researching, it looks like SF recognized the envelope-from field as the mail from field, and allowed the message because the address is different.    Which should I be blocking?   I would think that I should block the mail from, since that's what most users will report to me.  I've posted the headers and the log below to show you what I mean:



01/19/07 08:40:24:179 -- (42508) Connection from:  -  Originating country : United States
01/19/07 08:40:24:820 -- (42508) found SPF record for v=spf1 ?all
01/19/07 08:40:24:882 -- (42508) found SPF record for v=spf1 ptr ?all
01/19/07 08:40:24:960 -- (42508) SPF query result: pass
01/19/07 08:40:24:960 -- (42508) - SPF analysis for done: - pass
01/19/07 08:40:24:976 -- (42508) SPF query result: pass
01/19/07 08:40:24:976 -- (42508) - SPF analysis for done: - pass
01/19/07 08:40:24:992 -- (42508) Mail from: - 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409
01/19/07 08:40:25:460 -- (42508) - MAPS search done...
01/19/07 08:40:25:460 -- (42508) RCPT TO:  accepted
01/19/07 08:40:25:679 -- (42508) EMail from - 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 to -   passes Bayesian filter - 0% spam  (31ms)
01/19/07 08:40:25:804 -- (42508) EMail from - 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 to -  was queued. Size: 7 KB, 7168 bytes
01/19/07 08:40:25:929 -- (42508) Disconnect



Received: from by (LogSat Software SMTP Server - Unlicensed Evaluation Copy); Fri, 19 Jan 2007 08:40:25 -0500
Received: by id hm35e8067nct for < - >; Fri, 19 Jan 2007 08:42:29 -0500 (envelope-from < - 50A55D31FE60625652A400B74796A4E962299675CD81A870C3DFAC30D409 >)
From: "Wireless Xcessories Group" < - >
To: " - " < - >
Reply-To: -
Subject: Plantronics Valentines day promo-free carry case w/ 640e/655 purchase

Posted By: caratking
Date Posted: 19 January 2007 at 7:54pm
I noticed the same thing the other day - but the emails were from myself.

I had a PHP script that was emailing me some info, and it was being blocked because of an invalid MX record.

The sender in the from field was, but SF was blocking the email as it was using the sender it found in the headers as which of course does not have a valid MX record.  I have not figured out how to set the from in the headers of the message.

I can whitelist the IP, but that does not solve the underlying issue for me.

Posted By: LogSat
Date Posted: 19 January 2007 at 8:17pm
The only sender's email address that matters to SpamFilter is the one given in the MAIL FROM command. That is sometimes indicated as the "envelope" or "return path" address. SpamFilter will add the address that was specified by the remote server during the SMTP session in the following header to incoming emails:


The address that is specified in the email's "From:" header is ignored and not used by the various filters.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: Amadeus0125
Date Posted: 13 March 2009 at 1:31am



jw-DBL-Update is a Yahoogroups mailinglist on which we post changes to our domain blacklist and 419 scam sender address blacklist. We send a maximum of one mailing per day to all subscribers. If you would like to be automatically notified about additions to or removals from these lists, send an e-mail to: -

List-subscribers who use jwSpamSpy don't have to do anything to benefit, as jwSpamSpy automatically updates its local blacklists whenever it sees DBL-Update messages.

------------- - 70-293

Print Page | Close Window