
From/Return path spoofing

Case: vu#244112

SurgeMail typically does not verify that the From header and the return path match (they aren't required to match in many situations). If you are using SurgeMail as a gateway for multiple domains, it would be wise to enforce matching via one or more of the following settings, specifically g_from_relay "true".

g_from_exact "true": ensures the From header matches the authenticated user.

g_from_must_exist "true": requires that the local From address must exist.

g_from_check "true": requires that the From address match a local domain.

g_from_relay "true": requires gatewayed messages to match a local domain.

We are adding a new setting to SurgeMail 7.8c and later:

g_from_domain_match "true", which will require that the From header and the return path match at the domain level.
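
The following added example (not SurgeMail code, and not taken from this article) shows the kind of domain-level comparison between the From header and the return path described above, which can be used to audit stored messages. The function names and sample message are constructed for illustration, and it assumes an exact, case-insensitive domain comparison; the article does not say how SurgeMail treats subdomains.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real traffic).
SAMPLE_SINGLE = "From: Alice <alice@example.com>\nTo: bob@example.net\nSubject: hi\n\nbody\n"
SAMPLE_MULTI = "From: a@example.com, b@example.org\nTo: bob@example.net\n\nbody\n"


def domain_of(addr):
    """Return the lower-cased domain of an address, or None if it has none."""
    if "@" not in addr:
        return None
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain or None


def from_matches_return_path(raw_message, envelope_sender):
    """Check that every From address shares the return path's domain.

    Returns (ok, reason). A null return path ("<>", used for bounces) is
    reported separately so the caller can decide how to treat it.
    """
    msg = message_from_string(raw_message)
    # A From header may legally list several mailboxes; check all of them.
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    if not from_addrs:
        return False, "no usable From address"
    env_domain = domain_of(parseaddr(envelope_sender)[1])
    if env_domain is None:
        return False, "null or malformed return path"
    for addr in from_addrs:
        if domain_of(addr) != env_domain:
            return False, (f"From domain {domain_of(addr)!r} differs from "
                           f"return path domain {env_domain!r}")
    return True, "match"


if __name__ == "__main__":
    for sender in ("<alice@example.com>", "someone@example.org", "<>"):
        print(sender, from_matches_return_path(SAMPLE_SINGLE, sender))
```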
