Tanstaafl wrote:
Maybe an alternative would be an option that for every message posted to the list, a confirmation email is sent to the members email address, that they then have to click a link to 'approve' sending the message, just like how subscribes/unsubscribes have to confirmed.
That's an interesting idea. Personally, if I enabled that feature on any of my lists, I'd be taken out and shot, and I'd want to do the same to anyone who did it on any list I'm a member of, but if people want such a list configuration option, we could consider it for MM 3.
Maybe this could even be extended with some kind of way of cahing the source IP of approved messages, so when messages come in with the same sender and from the same IP that has already been approved, those messages go straight through without requiring confirmation?
That would help some. Sort of like greylisting with a twist, but I think it would still be unacceptable to many list members.
[...]
I also just noticed the option under the Privacy > Spam controls in the GUI under 'Legacy anti-spam filters' where I can enter the listname itself, to prevent anyone sending spoofed messages from the list to the list.
Yes, and you could also use header_filter_rules for this, but you have bigger problems if the list posting address is a member of the list, so ordinary non_member actions should handle this.
-- Mark Sapiro mark@msapiro.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan