Forum Discussion
"Sender Address" vs "Sender mail from address"
I'm looking at an email that went to 365 hosted quarantine. On the surface, the email looks like it came from noreply at my company, but when I look at the details it shows as below.
I'm confused by the difference between "Sender address" and "Sender mail from address" and "Return path"
3 Replies
Thanks Dan! I received a similar phishing email. According to the link above, and this link, https://www.mailhardener.com/kb/dmarc the "sender mail from address" is the return address on the envelope, and the "Sender address" is the return address on the letter. Even though the Sender address domain and the Sender mail from address domain are clearly different, why does it still pass DMARC?
That's a good question. You'd need to look at the headers of the message to see what's gone on, as well as what the configuration of the DMARC record for the domain. SPF looks at the MailFrom address, and DMARC is supposed to compare the DKIM signature to the From address.
