Does SPF protect the "From:" header field?

The short answer is No.

SPF was designed to protect the envelope sender. That means the return-path that shows up in "MAIL FROM", and to a lesser extent the HELO argument that is supposed to be an FQDN - fully qualified domain name. 

The vast majority of SPF implementations today use the return-path as the subject of authentication and do not get involved with the header "From:”.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us