[Mailman-Developers] Anyone tried the DMARC mail address translucent forwarder hack?

John Levine johnl at taugh.com
Fri May 16 21:53:26 CEST 2014


>>> that points to a server that rewrites the address and remails it, e.g.
>>> mmeyer at yahoo.com.remail.lists.org -> mmeyer at yahoo.com.

>I'm not very expert in this area, but it seems at least with the above,
>you'd need DNS entries for yahoo.com.remail.lists.org,
>aol.com.remail.lists.org, thenextone.com.remail.lists.org,
>theoneafterthat.com.remail.lists.org, ... and that would be a real pain.

You just need one DNS entry, for *.remail.lists.org.  Believe it or
not, that's legal, valid, standard, etc.  It's often used to allow
tag at fred.provider.com instead of fred+tag at provider.com.

>Something like mmeyer=yahoo.com at remail.lists.org for the address might
>be better. ...

You could do that, but the syntax details aren't all that important.
There are two issues that I was wondering about.

One is that if you do this in a naive way, you have a wide open relay
for bad guys to use.  You'd have to manage it, probably with a
combination of only allowing mail to addresses you've rewritten,
rate limiting, and spam filtering.

The other is that if you do this very much, the rewritten addresses
will find their way into people's address books, and now you're stuck
being a semi-public mail forwarder forever.  You could limit how long
each address works, and after that put a note in the bounce message
telling people what address to use, but it has the potential to be
very confusing to the users.

R's,
John
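
The open-relay and address-lifetime controls described in the message above, as an added example that is not part of the original post or of Mailman: forward only to addresses the list itself rewrote, rate limit each one, and bounce expired ones with a pointer to the real address. The Remailer class, the in-memory table, the 30-day lifetime and the 20-per-hour limit are assumptions for illustration; spam filtering is left out.

```python
import time

REMAIL_SUFFIX = ".remail.lists.org"   # wildcard zone from the message
ADDRESS_LIFETIME = 30 * 24 * 3600     # assumed lifetime: 30 days
MAX_PER_HOUR = 20                     # assumed per-address rate limit


class Remailer:
    """Hypothetical forwarder that relays only to addresses it rewrote."""

    def __init__(self, now=time.time):
        self.now = now
        self.issued = {}   # rewritten address -> (real address, expiry time)
        self.recent = {}   # rewritten address -> timestamps of recent forwards

    def rewrite(self, real_addr):
        """Called when the list rewrites a poster's From: address."""
        rewritten = real_addr.lower() + REMAIL_SUFFIX
        self.issued[rewritten] = (real_addr, self.now() + ADDRESS_LIFETIME)
        return rewritten

    def route(self, rcpt):
        """Return (action, detail) for an inbound RCPT TO address."""
        rcpt = rcpt.lower()
        entry = self.issued.get(rcpt)
        if entry is None:
            # Never issued by us: accepting it would make us an open relay.
            return ("reject", "550 relaying denied")
        real_addr, expires = entry
        t = self.now()
        if t > expires:
            # Expired: bounce, telling the sender which address to use.
            return ("bounce", f"550 address expired, use {real_addr}")
        # Keep only forwards from the last hour, then apply the limit.
        window = [s for s in self.recent.get(rcpt, []) if s > t - 3600]
        if len(window) >= MAX_PER_HOUR:
            self.recent[rcpt] = window
            return ("defer", "451 rate limit exceeded, try again later")
        self.recent[rcpt] = window + [t]
        return ("forward", real_addr)
```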



