[Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?)

Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Sat Apr 6 20:09:38 EDT 2019


Grant Taylor via Mailman-Users writes:

 > Note:  SPF by itself won't do anything to protect against From: header 
 > spoofing.

Sure, but if configured correctly, it gives you exactly the
information you need.  The problem with SPF is that a lot of header
spoofing is legitimate (at least from the point of view of the
sender).  For example, using your school address as From on your Gmail
account.

 > I would suggest that you also look into DKIM and particularly DMARC
 > filtering.

These don't help with the fundamental problem of host-based sender
authentication.  You still need to use a school MTA to send mail with
your school address, and that often sucks from the point of view of
the users.

If Valentin is willing to enforce that (in my experience, pretty
draconian) restriction, SPF is good enough for the application at
hand; DKIM is more robust against many kinds of forwarding.  DMARC
policy (other than "none") is likely a disaster in an educational
setting.

Steve
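
The distinction drawn in this message, as an added example that is not part of the original post: SPF authenticates the envelope sender, so a list-side check has to compare that domain with the From: header itself. The sketch assumes the receiving MTA stamps an RFC 8601 Authentication-Results header under the hypothetical authserv-id `mx.list.example` and strips forged copies; the function names, the exact-domain comparison and all sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.list.example"   # assumption: authserv-id our own MTA stamps

def domain_of(addr):
    """Lowercased domain part of an address (or the bare domain itself)."""
    return addr.rpartition("@")[2].strip().lower()

def spf_from_check(raw, authserv=TRUSTED_AUTHSERV):
    """Return 'aligned', 'unaligned' or 'no-spf-pass' for one raw message."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then split the authserv-id from the results.
        authserv_id, _, results = " ".join(header.split()).partition(";")
        if authserv_id.split()[:1] != [authserv]:
            continue          # stamped by someone else: not trustworthy
        # Topmost header from our MTA decides; older copies are ignored.
        m = re.search(r"\bspf=(\w+)[^;]*?\bsmtp\.mailfrom=([^\s;]+)", results, re.I)
        if not m or m.group(1).lower() != "pass":
            return "no-spf-pass"
        same = bool(from_domain) and domain_of(m.group(2)) == from_domain
        return "aligned" if same else "unaligned"
    return "no-spf-pass"

def make_sample(from_addr, spf_result, mailfrom):
    """Build a constructed sample message (not real traffic)."""
    return (
        f"Authentication-Results: {TRUSTED_AUTHSERV};\n"
        f" spf={spf_result} smtp.mailfrom={mailfrom}\n"
        f"From: Alice <{from_addr}>\n"
        "To: list@list.example\n"
        "Subject: test\n\nbody\n"
    )

SAMPLES = {
    "school MTA": make_sample("alice@school.example", "pass", "alice@school.example"),
    "webmail, school From": make_sample("alice@school.example", "pass", "alice@webmail.example"),
    "forged": make_sample("alice@school.example", "fail", "alice@school.example"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {spf_from_check(raw)}")
```

The "webmail, school From" sample passes SPF yet comes back `unaligned`: that is the school-address-on-a-webmail-account case, and rejecting it is the restriction discussed above.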


