[Mailman-Users] How hard is it to spoof an email?

Mark Sapiro msapiro at value.net
Sun Jan 29 23:59:21 CET 2006

JC Dill wrote:
>I just updated the announcement list FAQ:
>to include:

Thanks JC

>I don't know how HTML formatting and other email client oddities may 
>affect using the approved header in the first line of your post so I 
>can't be certain that this will work perfectly for you on your first 

In Mailman 2.1.6 and earlier, the Approved: line was only found and
removed if it was the first non-blank line in the first text/plain
part of the post (and the line following was removed too.). If the
post was multipart/alternative with say a text/plain part and a
text/html part, the Approved: line would only be removed from the
text/plain part. Thus, if the text/html part was not removed by
content filtering, the Approved: line would go to the list in the
text/html part.

Beginning in Mailman 2.1.7, this has been improved. An Approved: body
line must still be the first non-blank line in the first text/plain
part. Thus, you still can't post an html only message with an
Approved: body line. However, the line following the Approved: line is
no longer removed so it is no longer necessary to follow it with a
blank line. Also, once the Approved: line is found in the first
text/plain part, an attempt is made to remove it from every text/*
part in the post.

I say 'attempt' because while I'm sure it will be removed from a
text/html part, I'm not so sure that the pattern I use to find it will
match in a text/enriched, text/rtf, text/richtext or similar
alternative part. Thus, testing on a small test list is always a good

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list