[Mailman-Users] Self-Approval against From Forgeries

[Grant Taylor]

Ephraim Silverberg wrote:
> Certain lists of ours are sensitive and, hence, the members of the 
> list want to ensure that messages are not sent to the list by an 
> outsider that forges the From line of a valid list member.

Ok...

Question:  Why not look in to implementing (and requesting that members
do too or provide an alternate email for this purpose) something like
SPF and / or Domain Keys.  If you run either or both filters and your
subscribers publish records, it will be very difficult for messages to
be spoofed.

> In our previous listserver, there was a "self-approval" mechanism for 
> such lists -- i.e. when a message arrive purportedly from list member 
> X, the message would be held and a confirmation request would be sent 
> back to the address of X requesting that he reply to the confirmation 
> message if he indeed was the author of the original message.  Only 
> after the confirmation-reply was received, the original message was 
> sent off to the entire list.

Interesting concept.  It sounds a bit like challenge / response that
never remembers beyond the message in question.

> How can I implement such a self-approval mechanism in Mailman 2.1.11?

I don't believe there is any thing like that in Mailman.  The closest
thing that comes to mind would be some sort of moderation that requires
approval and having the moderator email address by dynamic to the
purported sender of the message(s) in question.



Grant. . . .