Cisco Bug: CSCvt44551 - Request for ESA to check the mail header 'Sender:' and 'From:' to evaluate a SPF/SIDF: pra violation
May 15, 2020
- Cisco Email Security Appliance
Known Affected Releases
Symptom:
E.g.:
1. Our domain is @example.com
2. The allowed SMTP IPs for this domain are: X.X.X.X and X.X.Y.Y
3. The envelope sender is firstname.lastname@example.org
4. The mail header Sender: --- not present ---
5. The mail header From: is email@example.com
6. The mail was sent from Y.Y.Y.Y
7. The ESA does run the SPF/SIDF: pra check result: FAIL, Y.Y.Y.Y is not allowed to send mail for @example.com

The problem is that Outlook does use the From: field to display the purported sender. So you can _very_ easily bypass the SPF/SIDF: pra check!!!!!

Conditions:
When mail contains a mail header field 'Sender:' _and_ a mail header field 'From:', the mail header field 'Sender:' does take precedence over the 'From:' field.
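The precedence described under Conditions can be checked per message. The following Python sketch is an added example, not Cisco or ESA code: it derives the address a PRA check would evaluate using only the two headers this report discusses (Resent-* headers are ignored), and flags messages where that address's domain differs from the From: domain a mail client displays. The function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def mailboxes(msg, header):
    """Count non-empty instances of `header` and list the addresses in them."""
    values = [v for v in msg.get_all(header, []) if v.strip()]
    return len(values), [a.lower() for _, a in getaddresses(values) if a]

def domain(addr):
    return addr.rsplit("@", 1)[1] if addr and "@" in addr else None

def pra_vs_display(raw):
    """Compare the address a PRA check evaluates with the displayed From:."""
    msg = message_from_string(raw)
    n_sender, sender = mailboxes(msg, "Sender")
    n_from, shown = mailboxes(msg, "From")
    # Sender: takes precedence over From: whenever it is present.
    if n_sender:
        source, count, addrs = "Sender", n_sender, sender
    else:
        source, count, addrs = "From", n_from, shown
    # Duplicate headers or several mailboxes in one header yield no PRA.
    pra = addrs[0] if count == 1 and len(addrs) == 1 else None
    displayed = shown[0] if shown else None
    return {
        "pra": pra,
        "pra_header": source if pra else None,
        "displayed_from": displayed,
        "mismatch": bool(pra and displayed and domain(pra) != domain(displayed)),
    }

# Constructed sample messages (reserved example domains).
WITH_SENDER = (
    "Sender: bounce@example.net\n"
    "From: Some User <user@example.com>\n"
    "Subject: test\n\nbody\n"
)
FROM_ONLY = "From: Some User <user@example.com>\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    for raw in (WITH_SENDER, FROM_ONLY):
        print(pra_vs_display(raw))
```

Mailing lists and delegated senders set Sender: legitimately, so a mismatch is a signal to review or to apply a separate From:-based policy, not proof of spoofing.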