[Mailman-Developers] Fixing DMARC problems with .invalid munge
Stephen J. Turnbull
stephen at xemacs.org
Sat May 17 10:33:20 CEST 2014
Franck Martin writes:
> You can also apply this patch:
>
> http://bazaar.launchpad.net/~mlm-author/mailman/2.1-author/revision/1341?remember=1338&compare_revid=1338
>
> Rather than injecting an invalid domain in the From: and weakening
> more the security of email...
If your *primary* concern is preserving the integrity of the email
system, the right thing to do is go straight to Privacy | SPAM Filters
and add "[.@]aol\.com$" and "[.@]yahoo\.com$" with a HOLD action
(can't "reject", unfortunately, because as far as I know significant
amounts of spam etc still originate from those domains). Then reject
genuine posts and discard spam.
This is completely in accord with the "p=reject" policies published by
those domains, which not only will result in rejection by most ESPs,
but also threaten denial of service to other subscribers. If their
users have a complaint about nondelivery, they should make it to their
ESPs which publish p=reject.
For "security" of email, the right thing to do is to use DKIM and/or
strongly encourage your users to use personal digital signatures, and
allow recipients to use that information to secure themselves. In my
experience GMail does a very good job -- I don't get spam and I don't
lose authentic mail as far as I can tell. I don't know what others
think. I do know GMail is the haven chosen by all of the people I
know who've chosen to leave Yahoo! and AOL recently.
Regards,
More information about the Mailman-Developers
mailing list