Franck Martin writes:

You can also apply this patch:

http://bazaar.launchpad.net/~mlm-author/mailman/2.1-author/revision/1341?remember=1338&compare_revid=1338

Rather than injecting an invalid domain in the From: and weakening more the security of email...

If your *primary* concern is preserving the integrity of the email system, the right thing to do is go straight to Privacy | SPAM Filters and add "[.@]aol\.com$" and "[.@]yahoo\.com$" with a HOLD action (can't "reject", unfortunately, because as far as I know significant amounts of spam etc still originate from those domains). Then reject genuine posts and discard spam.

This is completely in accord with the "p=reject" policies published by those domains, which not only will result in rejection by most ESPs, but also threaten denial of service to other subscribers. If their users have a complaint about nondelivery, they should make it to their ESPs which publish p=reject.

For "security" of email, the right thing to do is to use DKIM and/or strongly encourage your users to use personal digital signatures, and allow recipients to use that information to secure themselves. In my experience GMail does a very good job -- I don't get spam and I don't lose authentic mail as far as I can tell. I don't know what others think. I do know GMail is the haven chosen by all of the people I know who've chosen to leave Yahoo! and AOL recently.

Regards,