Sender Policy Framework / 3rd party domains / and Sieve
 

The scenario is this ~ This company (company A) has it recorded in their Sender Policy Framework that another company (company B) with a different domain can send emails on their behalf.
The third party company (company B) sends an email to you from Company A's email address.

Can sieve 'see' that the email actually comes from Company B?

Your question can be restated as "can you tell from the email headers that the email originated from company B's SMTP server?"

The answer is almost certainly yes, but has nothing really to do with domain names. Visually examining the full headers from a sample email is the best way of figuring out appropriate sieve tests.

If company A is sending from the domain chemist.com and company B (domain reviews.com) sends emails on their behalf. Will company B's domain, reviews.com appear in the header? Or just company A's?

This question has an unfortunate answer: "It depends". If company B uses servers under its own control (probably implied by your original remark on SPF authorization), company B's domain may well appear. Each computer in the chain of "Received:" statements in the header often tries to resolve the previous computer either by its self-identification and/or by reverse IP look up. So a user might well see company B's domain listed for one of the computers in the earliest part of the "Received:" chain.

However, not all email receivers do this, so the only real way to check it would be to examine a few of the messages sent that way, as BritTim suggested.

And even if the domain for company B is not explicitly listed in the "Received:" headers, a person could do a reverse lookup manually on the earliest IP addresses and potentially find it out.

Consider what you would see if Company B was using FastMail to host its domain companyb.com. When an email is sent by a Company B employee from john.smith@companya.com, the message will appear to be sent using smtp.fastmail.com. or similar. The email headers may provide other clues about the sender (especially if they are not using the FastMail web client) but you need to examine the full headers to determine this. Usually, a genuine email will need to provide a reply-to address. That can provide a good clue as to the real sender. Of course, if it is a phishing email, most of the headers might be complete nonsense.

I appreciate the help I really do :) but this is drifting way off
Reverse lookups, spoofing or phishing isn't relevant here.

Please could we go back to the specific example in the original question

"The scenario is this ~ This company (company A) has it recorded in their Sender Policy Framework that another company (company B) with a different domain can send emails on their behalf.
The third party company (company B) sends an email to you from Company A's email address.

Can sieve 'see' that the email actually comes from Company B?"

1. Yes
2. No
3. Maybe/Sometimes

The problem is that you are asking a nonsensical question. SPF ties email domains to sending hosts, not sending domains. Thus, I could answer your question with "usually yes", but you would have no idea why I am giving that answer.

I don't see how it is nonsense This is why I am asking, below is quoted from a website

"If you choose to use your own domain for the sender email, ReviewersRUs will send out the invitation on behalf of your email address. In order to ensure the invitation will be delivered successfully, you need to add the phrase include:reviewersRUsservice.com to your SPF record. This will allow ReviewersRUs to send emails on behalf of your domain.

An SPF record acts as a gatekeeper and it shows the recipient's mail server which third party domains are allowed to send emails on behalf of your domain."

In this instance can sieve see that it is being sent by reviewersRUs?

The answer is #3. You would, as we have said, have to check a sample of emails. If the domain appears in a Received header, sieve can find it.

Thanks, that is a massive pain I was hoping to stop these review company emails & bounce them before they hit my spam box. This means I'm forced to check each one in case it is from Company A instead of the review company using their email

But thank you :)

I did not realize from your prior posts that you were receiving these yourself. If I had your problem, I would just check the headers of two or three of the undesired messages, and look for mention of the review company's domain, or failing that, a consistent sending IP address or fraction of it or maybe a server name. Sieve should be able to filter those to another folder, spam, or discard. If you need help with the sieve code, post again (I am not an expert but may be able to help, and there are others here who are experts).

Sadly that won't help, the review company spams on behalf of half the online businesses in Britain. I was hoping that there would be a way to detect it in sieve

Thanks for the offer of help with the sieve code:) I haven't posted the company name but will post it if it isn't against forum rules. I don't know if knowing that would help.

If you can figure out the sending servers they use, you can block them. It is also worth mentioning that prolific spammers should generally be detected by the spam filters.

The companies are giving them our email addresses so I don't know if it is officially called spam but to me it is. And there is no optout
Am I allowed to mention the name? It is the biggest review site in the UK (although it is Danish owned). Companies give it our email addressees & pay it to harass us for reviews
Its Alexa rank is 948