[thaumaturgy]

Yeah, looks like that's coming from LinkedIn's network. They're probably just setting the From: header to your friend's email address -- which is what will then show up in most email clients as the sender -- and then using the Sender: header to pass SPF.

A little sneaky on their part, but nothing too surprising.

I didn't spot any personal / identifiable information in the headers, you should be OK.

[revelation]

A little sneaky? I'm confident you will find a judge out there that considers this wire fraud.

And any email provider should obviously immediately blacklist them. Worse than spam.

[thaumaturgy]

> I'm confident you will find a judge out there that considers this wire fraud.

Eek, I hope not. That would make me and anyone else who's ever written a form-mailer or similar with "-faddress@net.com" or "From: address@net.com" guilty of wire fraud.

> And any email provider should obviously immediately blacklist them. Worse than spam.

I'm a mail provider. I'd like to, but the reality is that a lot of people are on LinkedIn on purpose, and it would be wrong for me to blackhole them just because I don't like them. Fortunately, anybody on my mail system that doesn't like LinkedIn can easily adjust their own SpamAssassin settings right from the webmail interface.

[davvolun]

Worse than spam, maybe, but I hope the defense would be able to make a compelling case that using the specification as designed doesn't constitute wire fraud...

This wouldn't be terribly different from (not that I know an example) me sending a letter to friend A and putting friend B as the return address, sending a letter by proxy. Of course in that case, there isn't even a method to see who actually sent the letter, whereas the information on who sent the email is still contained in the email.