[Mailman-Users] non-subscribers getting through--email address in "Real Name"
John Levine
johnl at taugh.com
Thu Jul 19 17:11:33 EDT 2018
In article <c5d1335d-0762-8a85-3257-239d5e2e46d6 at spamtrap.tnetconsulting.net> you write:
>Yes. Just about everything can be spoofed to some degree. It really
>depends on what information the owner of the purported sending domain
>publishes and what filtering / consumption of said information the
>receiving server exercises.
Well, you know, this is what DMARC is intended to address. While
DMARC checks on mail that has passed through mailing lists has all
sorts of well known problems, doing DMARC checks on mail that arrives
at a list server would be pretty benign. It's pretty rare for the
path from a user to the mailman server to do things that would cause
DMARC fails.
If you want to reinvent DMARC, you could add an option to say that all
submissions from me must have a DKIM signature or validated SPF from
domain X, where X would usually default to the domain in your e-mail
address.
R's,
John
More information about the Mailman-Users
mailing list