Old 21 Oct 2019, 10:47 PM   #12
SideshowBob
Quote:
Originally Posted by JeremyNicoll View Post
FM's reply:

We are aware of the potential for spoofing or rewriting of headers, and this is a limitation of email itself and not specific to Fastmail!

It's not really about spoofing headers, it's about refusing to relay based on the SMTP 'mail from' field.

Quote:
Anybody can send emails using any Fastmail address. This is similar to someone going around sending postcards or snail mail to people but forging your postal address.

Snail mail is a good analogy if you live in a country where the post office requires you to provide ID and your return address before accepting a letter, but doesn't require them to match - otherwise it's bogus.

Quote:
To address any instances of abuse we maintain the monitored address abuse@fastmail.com. We take any reports of phishing, spam or fraud very seriously.

If a message is sent from the Fastmail SMTP servers, the full headers of a message will evidence the original sender in the form of an encrypted header, X-ME-Sender.

This is a header which we can use to find the sending account for any email sent by a user; this is used when handling spam and email abuse.

In the case of spear-phishing or other targeted fraud, it's unlikely that X-ME-Sender will be any use.