[Mailman-Developers] before next release: disable backscatter in default installation
Stephen J. Turnbull
stephen at xemacs.org
Sat Mar 29 01:09:30 CET 2008

Ian Eiloart writes:
> I think the reason that backscatter isn't subject to any RFC is that the
> real problem is the lack of authentication and accountability for
> return-paths in the original messages. Bouncing would be fine if you know
> that the email really came from the owner of the return-path.
>
> That's what SPF and DKIM are intended to help with.

Aha, good point. OK, then the draft standards/RFCs for those qualify
as far as I'm concerned. Note, I didn't mean that there must be an
RFC saying "no backscatter", although you could read my words that way
(and I certainly do demand it before I will consider this a purely
technical problem). That would make things easy, of course, but those
drafts/RFCs will most likely contain rationale for why we would like
to outright ban backscatter, but can't quite go so far yet.

> There's friction in their adoption because certain features of
> email (notably mail forwarding, but also some others) have no
> regard for these features.

By which you mean that SPF and DKIM in some configurations are as big
a threat to Mailman as blacklisting for backscatter is, right?