I'm not sure whether I do use it, but I think I should.
Most of our list users are in our own domain. That domain certainly is less spoofable in the envelope, because we don't accept mail from our domain unless it's been through our servers. We don't get spam with sussex.ac.uk in the envelope sender domain.
With SPF records now widely published, including by several large free email service providers, it's certainly within the power of sites to validate the envelope sender address of much of their inbound email. Losing this facility now would be a great shame.
I certainly don't see how having the option can do much harm.
It might be worth adding code to support BATV, if it isn't there already.
--On 8 February 2009 18:12:33 -0500 Barry Warsaw barry@list.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Does anybody set USE_ENVELOPE_SENDER to Yes these days?
I'm considering removing the equivalent of this from Mailman 3.0 and I'd like to know if that would be a hardship for anyone. If you don't know what this value is (which in Mailman 2 lives in Defaults.py), then you probably won't miss its demise in Mailman 3.
This flag controls whether the Sender: header is considered before the From: header for purposes of trying to determine the email address of the message's author. At one time in the distant past, this flag was added because it was observed that some MTAs put the RFC 2821 MAIL FROM value into this header, and this was considered less spoofable than the From: header. I think these assumptions are outdated and this workaround is either unnecessary or hurts more than it helps.
BTW, the default value is No, which tells Mailman to use the From: header first. I propose hardwiring that default value.
Let me know if this would cause you pain.
Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkmPZuIACgkQ2YZpQepbvXHsbQCgl78AxhkBTbATQbV7jab+P8a+ F10An3skXX9Am4+BOk8gCqNaNiiVU1Vg =Ddit -----END PGP SIGNATURE-----
Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.a c.uk
Security Policy: http://wiki.list.org/x/QIA9
-- Ian Eiloart IT Services, University of Sussex x3148