>> As such, the ability to reply to the RFC5322.From tells you almost nothing
>> about its legitimacy.
...
>I seem to recall common use of From: field validation back when that
>capability was introduced into open source sendmail as an anti-spam tactic,
>though it was never supported by the vendor directly. Maybe it's less
>common now.

If people start rejecting because .INVALID is on the From: line, it is
the work of a moment to adjust it to something like this:

  From: Marissa <marissa@xxxxxxxxxxxxxxxxxxx>

and the work of about three moments to spin up a fake MTA that accepts
any RCPT TO and rejects at DATA. Or I suppose it could just be an open
relay.

This of course trains people to be phished, by telling them that
<security@xxxxxxxxxxxxxxx.thing> is the same as <security@xxxxxxxxxx>.

R's,
John