[Mailman-Users] How hard is it to spoof an email?

Jim Popovitch jimpop at yahoo.com
Sun Jan 29 23:02:38 CET 2006

Jp Possenti wrote:
> So basically what you are saying is that Mailman is very insecure? (in
> short)


Honestly, NO.  Mailman is much more secure, in deed very secure, than 
most software I see.    The integrity of Mailman depends highly on the 
security of your OS, your MTA and your webserver.

> You say I should not have my admin email as a list member. By that you mean
> "listname at domain.com" which is the default address as the admin?

Your admin email would be listname-admin at domain.com.  That address 
doesn't belong in the subscribers list, nor does listname at domain.com.

> If so then what am I supposed to create, and why would creating one make a
> difference?

There is nothing in Mailman that you can create or do to combat email 
spoofing.  Spoofing is not a Mailman problem as Mailman relies on your 
MTA to authenticate email senders (which is correct).  This is a good 
thing as Mailman could get really bloated (more bloated?) if it tried to 
incorporate authenticating senders.

> Also which email clients support the KIM and/or SPF standards?

DKIM and SPF are email server technologies, not client technologies. 
They can help to validate the email traffic coming into your email server.

-Jim P.

More information about the Mailman-Users mailing list