So recently I started getting spam emails containing trojan visual basic scripts in zip files. These emails are supposedly coming from domains that don’t exist and/or do not have accounts that line up with what is being sent. The DMARC DKIM and PTR all should not pass for this domain since all the info is being spoofed. Does mail-in-a-box not check those things before receiving?
See this GitHub PR and linked issues for part of the discussion.
This could be done, but there is also a discussion about deleting mail outright.
Okay so yes it seems the email was not checked for SPF either. But the bigger thing here that makes me wonder if PTR or DKIM are even checked? Is DMARC setup to auto reply to these sites to let them know spoofing is going on? I would rather not use PTR if possible since that seems like a very antiquated method that blocks legit mail…
I noticed the same problem. It was relentless with my catch-all alias. I couldn’t write enough rules to filter out the legitimate mail, so I finally had to move to FastMail. It’s worth the $5 a month to unload the headache.