[Mailman-Users] How hard is it to spoof an email?
brad at stop.mail-abuse.org
Mon Jan 30 01:55:23 CET 2006
At 4:31 PM -0500 2006-01-29, Jim Popovitch wrote:
> DKIM takes it a step
> further and adds an encrypted email header "key" that is carried with
> the email during its entire journey through multiple servers. This key
> enables every "hop" to validate the email, whereas SPF is just
> point-to-point validation based on email header info (which can very
> easily be modified in transit).
If you're going to use DKIM, make sure that you are using Mailman
2.1.7 (or later), with the most recent patches applied. Prior
versions of Mailman did not scrub the DKIM headers from messages as
they were passing through, which meant that the signatures would be
invalid for the recipients of the mailing lists. This was fixed in
2.1.7, but this version also introduced some other issues with
archives (among others), which have since been patched by Tokio and
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
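
An added illustration of the point in the reply above (not part of the original post and not Mailman's code): when a list alters a message, here by appending a footer as an assumed modification, a DKIM-Signature left in place no longer matches the body, while scrubbing the signature headers leaves nothing stale for recipients to fail on. The function names, header set and sample message are constructed for this example, and only the body hash (bh=) is checked, not the signature itself.

```python
import base64
import hashlib
from email import message_from_string

# Signature headers to drop when the list alters a message (assumed set).
SIGNATURE_HEADERS = ("DKIM-Signature", "DomainKey-Signature")

def simple_body_hash(body):
    """SHA-256 over the DKIM 'simple' body canonicalization (RFC 6376, 3.4.3)."""
    data = body.replace("\r\n", "\n").replace("\n", "\r\n").encode()
    data = data.rstrip(b"\r\n") + b"\r\n"   # trailing empty lines are ignored
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def list_process(raw, footer, scrub):
    """Hypothetical list step: append a footer, optionally scrub signatures."""
    msg = message_from_string(raw)
    msg.set_payload(msg.get_payload() + footer)
    if scrub:
        for name in SIGNATURE_HEADERS:
            del msg[name]                    # no-op when the header is absent
    return msg

def stale_signature(msg):
    """True if a DKIM-Signature is present and its bh= no longer matches the body."""
    sig = msg["DKIM-Signature"]
    if sig is None:
        return False
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    claimed = "".join(tags.get("bh", "").split())   # drop folding whitespace
    return claimed != simple_body_hash(msg.get_payload())

# Constructed sample message; b= is a placeholder, only bh= is meaningful here.
BODY = "Meeting moved to 3pm.\n"
RAW = (
    "From: alice@example.org\n"
    "To: list@example.net\n"
    "Subject: schedule\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.org; "
    "s=sel; h=from:subject; bh=" + simple_body_hash(BODY) + "; b=CONSTRUCTED\n"
    "\n" + BODY
)
FOOTER = "--\nConstructed list footer\n"

if __name__ == "__main__":
    for scrub in (False, True):
        out = list_process(RAW, FOOTER, scrub)
        print("scrub=%s stale_signature=%s" % (scrub, stale_signature(out)))
```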