Null sender (RFC5321.MailFrom: <>) allows DMARC bypass
Problem reported by Steve Norton - 3/25/2021 at 3:47 AM
This is being used by spammers to bypass DMARC.
Maybe related to;

Build 7642 (Dec 3, 2020)

  1. Fixed: Password reset emails might be rejected by some DMARC policies because of blank Return-Path field.

1 Reply

Reply to Thread
Steve Norton Replied
This is still an issue in 8048.
I've tested this against a Gmail address and they correctly block the email due to the DMARC policy of the 'From' domain even with a null sender.

Reply to Thread