Does the SPF record check take care about the Sender header?


I'm just wondering if the Sender: header is read when doing an SPF record check.

So, when a mail server receives an e-mail that contains a Sender: header that differs from the From: header, which one is used by the receiving server to check if the mail has been sent from the right mail server?

If I understand this right, SPF only checks the MAIL FROM command from SMTP (?) which is the equivalent to the e-mail From: header (?) and therefore the Sender: header is never taken into account...?

Is this right?

So, let's dig a bit deeper and think about a web form that sends out an email. When filling out this form, one can enter his own e-mail address so that any reply to this mail is sent to the person who filled out the form, and not to the server. Yes, there's the Reply-To: header, but when reading RFC 4021 and 2822 I thought that it should also be allowed to send the server's address with the Sender: header and the user's address with the From: header.

Any expert who can correct me or confirm this?


Solution

  • If I understand this right, SPF only checks the MAIL FROM command from SMTP (?) which is the equivalent to the e-mail From: header (?) and therefore the Sender: header is never taken into account...?

    The bold statement above was just plainly wrong. SPF doesn't care about message headers at all. In fact, the remote server can reject the email because of SPF without looking at the email header and body.
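
The point made in the answer, as an added example that is not part of the original post: a toy receiver that makes its SPF decision from the SMTP envelope (client IP, HELO, MAIL FROM) before any header is read. The domains, IP addresses and SPF records are constructed, only the `ip4` and `all` mechanisms are evaluated, and the function names are hypothetical.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (assumption).
SPF_TXT = {
    "webform.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "visitor.example": "v=spf1 ip4:198.51.100.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, mail_from, helo):
    """Evaluate SPF using only the SMTP envelope, for the ip4 and all mechanisms."""
    # Null reverse-path (bounces): RFC 7208 falls back to the HELO identity.
    domain = mail_from.rpartition("@")[2] if mail_from else helo
    record = SPF_TXT.get(domain.lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def receive(client_ip, helo, mail_from, data):
    """Toy receiver: the SPF decision is made at MAIL FROM, before DATA is read."""
    result = spf_check(client_ip, mail_from, helo)
    if result == "fail":
        return ("550 rejected at MAIL FROM", result)  # headers in `data` never seen
    return ("250 accepted after DATA", result)

# Constructed message from the web-form scenario: visitor in From:, server in Sender:.
MESSAGE = "From: alice@visitor.example\r\nSender: form@webform.example\r\n\r\nHello"
SERVER_IP = "192.0.2.25"  # the web server's address, inside webform.example's SPF range

def demo():
    return {
        # Envelope uses the server's own domain: pass, whatever From:/Sender: say.
        "envelope_server": receive(SERVER_IP, "mx.webform.example", "form@webform.example", MESSAGE),
        # Same headers, but the envelope carries the visitor's address: fail.
        "envelope_visitor": receive(SERVER_IP, "mx.webform.example", "alice@visitor.example", MESSAGE),
        # Null reverse-path: the HELO domain is checked instead.
        "bounce": receive(SERVER_IP, "webform.example", "", MESSAGE),
    }
```

The same headers produce opposite outcomes depending only on the envelope sender, which is why a web form should keep its own domain in MAIL FROM regardless of what it places in From:, Sender: or Reply-To:.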