[Mailman-Users] How hard is it to spoof an email?
Jim Popovitch
jimpop at yahoo.com
Sun Jan 29 23:02:38 CET 2006
Jp Possenti wrote:
> So basically what you are saying is that Mailman is very insecure? (in
> short)
:-)
Honestly, NO. Mailman is much more secure, in deed very secure, than
most software I see. The integrity of Mailman depends highly on the
security of your OS, your MTA and your webserver.
> You say I should not have my admin email as a list member. By that you mean
> "listname at domain.com" which is the default address as the admin?
Your admin email would be listname-admin at domain.com. That address
doesn't belong in the subscribers list, nor does listname at domain.com.
> If so then what am I supposed to create, and why would creating one make a
> difference?
There is nothing in Mailman that you can create or do to combat email
spoofing. Spoofing is not a Mailman problem as Mailman relies on your
MTA to authenticate email senders (which is correct). This is a good
thing as Mailman could get really bloated (more bloated?) if it tried to
incorporate authenticating senders.
> Also which email clients support the KIM and/or SPF standards?
DKIM and SPF are email server technologies, not client technologies.
They can help to validate the email traffic coming into your email server.
-Jim P.
More information about the Mailman-Users
mailing list