I'm hoping that this problem is not in the latest version of SpamFilter.

I'm seeing in .403 that SpamFilter is ignoring the sender email address domain and is validating host is ok to send in the host's domain.   That is only supposed to happen IF there is no sender email address available.   This is a bug in .403.

For example here's a spam I got from a bogus sender that SpamFilter incorrectly validated the host domain (interelate.net) for instead of the sender's domain (broderbund.com):

02/17/05 10:57:42:495 -- (1896) Connection from: 64.73.138.124  -  Originating country : United States
02/17/05 10:57:42:736 -- (1896) Resolving 64.73.138.124 - transit124.email.interelate.net
02/17/05 10:57:42:946 -- (1896) found SPF record: v=spf1 ip4:64.73.138.0/24 -all
02/17/05 10:57:42:946 -- (1896) SPF query result:
02/17/05 10:57:42:946 -- (1896) - SPF analysis for info.broderbund.com done: - pass
02/17/05 10:57:42:946 -- (1896) Mail from: mailto:info@info.broderbund.com - info@info.broderbund.com
02/17/05 10:57:43:447 -- (2916) - MAPS search done...
02/17/05 10:57:43:547 -- (1896) - MAPS search done...
02/17/05 10:57:43:547 -- (1896) RCPT TO: mailto:pcmatt@idp.net - pcmatt@idp.net accepted
02/17/05 10:57:44:278 -- (1896) EMail from mailto:info@info.broderbund.com - info@info.broderbund.com to mailto:pcmatt@idp.net - pcmatt@idp.net was queued. Size: 18 KB, 18432 bytes

I didn't want to upgrade because we're not validating subdomains for SPF after .403, but .403 is ignoring sender email address domains for SPF.

-Matt R

Upgraded to .406 and the problem does not appear.  So, I've answered my own question.   Now I just have to suffer as the program treats host names as domains for SPF and MX queries