Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge
You can also apply this patch:
Rather than injecting an invalid domain in the From: and weakening more the security of email...
Franck Martin writes:
You can also apply this patch:
Rather than injecting an invalid domain in the From: and weakening more the security of email...
If your *primary* concern is preserving the integrity of the email system, the right thing to do is go straight to Privacy | SPAM Filters and add "[.@]aol\.com$" and "[.@]yahoo\.com$" with a HOLD action (can't "reject", unfortunately, because as far as I know significant amounts of spam etc still originate from those domains). Then reject genuine posts and discard spam.
This is completely in accord with the "p=reject" policies published by those domains, which not only will result in rejection by most ESPs, but also threaten denial of service to other subscribers. If their users have a complaint about nondelivery, they should make it to their ESPs which publish p=reject.
For "security" of email, the right thing to do is to use DKIM and/or strongly encourage your users to use personal digital signatures, and allow recipients to use that information to secure themselves. In my experience GMail does a very good job -- I don't get spam and I don't lose authentic mail as far as I can tell. I don't know what others think. I do know GMail is the haven chosen by all of the people I know who've chosen to leave Yahoo! and AOL recently.
Regards,
participants (2)
-
Franck Martin
-
Stephen J. Turnbull