Forum Discussion

MindeaLLC's avatar
MindeaLLC
Iron Contributor
Feb 28, 2024
Solved

"Sender Address" vs "Sender mail from address"

I'm looking at an email that went to 365 hosted quarantine. On the surface, the email looks like it came from noreply at my company, but when I look at the details it shows as below.

 

I'm confused by the difference between "Sender address" and "Sender mail from address" and "Return path"

 

 

 

3 Replies

  • philipzheng's avatar
    philipzheng
    Copper Contributor

    Thanks Dan! I received a similar phishing email. According to the link above, and this link, https://www.mailhardener.com/kb/dmarc the "sender mail from address" is the return address on the envelope, and the "Sender address" is the return address on the letter. Even though the Sender address domain and the Sender mail from address domain are clearly different, why does it still pass DMARC? 

     

    • Dan_Snape's avatar
      Dan_Snape
      Iron Contributor

      That's a good question. You'd need to look at the headers of the message to see what's gone on, as well as what the configuration of the DMARC record for the domain. SPF looks at the MailFrom address, and DMARC is supposed to compare the DKIM signature to the From address.

Resources