[Mailman-Users] Non-member posting to the list

[Tanstaafl]

On 2012-11-13 1:52 AM, Mark Sapiro <mark at msapiro.net> wrote:
> If I knew how to tell if a header was spoofed, I could do that, but I
> don't know how to tell; do you?

Maybe an alternative would be an option that for every message posted to 
the list, a confirmation email is sent to the members email address, 
that they then have to click a link to 'approve' sending the message, 
just like how subscribes/unsubscribes have to confirmed.

Maybe this could even be extended with some kind of way of cahing the 
source IP of approved messages, so when messages come in with the same 
sender and from the same IP that has already been approved, those 
messages go straight through without requiring confirmation?

Not a good option for really high volume lists with lots of members, but 
for smaller orgs, maybe a viable option?

Just thinking out loud, because this has definitely been a problem on 
our end (I've even had to set the emergency moderation bit a few times 
until these idiots stopped spamming the list).

I also just noticed the option under the Privacy > Spam controls in the 
GUI under 'Legacy anti-spam filters' where I can enter the listname 
itself, to prevent anyone sending spoofed messages from the list to the 
list.