[Mailman-Developers] before next release: disable backscatter in default installation

Stephen J. Turnbull stephen at xemacs.org
Sat Mar 29 01:09:30 CET 2008


Ian Eiloart writes:

 > I think the reason that backscatter isn't subject to any RFC is that the 
 > real problem is the lack of authentication and accountability for 
 > return-paths in the original messages. Bouncing would be fine if you know 
 > that the email really came from the owner of the return-path.
 > 
 > That's what SPF and DKIM are intended to help with.

Aha, good point.  OK, then the draft standards/RFCs for those qualify
as far as I'm concerned.  Note, I didn't mean that there must be an
RFC saying "no backscatter", although you could read my words that way
(and I certainly do demand it before I will consider this a purely
technical problem).  That would make things easy, of course, but those
drafts/RFCs will most likely contain rationale for why we would like
to outright ban backscatter, but can't quite go so far yet.

 > There's friction in their adoption because certain features of
 > email (notably mail forwarding, but also some others) have no
 > regard for these features.

By which you mean that SPF and DKIM in some configurations are as big
a threat to Mailman as blacklisting for backscatter is, right?


