[Mailman-Developers] before next release: disable backscatterin default installation
Ian Eiloart
iane at sussex.ac.uk
Fri Mar 28 13:36:47 CET 2008
> I really think this should happen for 2.2, though, and that 2.2 (or
> something) should happen quite soon. I plan to fix up my secondary MX
> situation shortly, but not everybody in my situation can do that.
>
> > [This stuff isn't written anywhere more reliable than Wikipedia,
> > and that is] why I post to the list.
>
> That's what I was afraid of.
>
I think the reason that backscatter isn't subject to any RFC is that the
real problem is the lack of authentication and accountability for
return-paths in the original messages. Bouncing would be fine if you know
that the email really came from the owner of the return-path.
That's what SPF and DKIM are intended to help with. There's friction in
their adoption because certain features of email (notably mail forwarding,
but also some others) have no regard for these features.
Until no email service provider accepts message submissions outside of
their own domains, all email providers offer message submission on port
587, all message submissions are autheticated, and mail forwarders accept
responsibility for the email that they forward, it's not safe to bounce
email.
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Mailman-Developers
mailing list