[Mailman-Users] Spam filtering

Stephen J. Turnbull stephen at xemacs.org
Wed Feb 17 16:23:12 CET 2010

Geoff Shang writes:

 > 2.  One idea I came up with for rejecting spoofed mail is for the 
 > receiving SMTP server to somehow check if the sending one is an MX for the 
 > domain given in the From header.  Are there any obvious problems with this 
 > approach?  Is anyone actually doing this?  It seems so simple that there 
 > surely must be some reason why it's not done.

It is being done, although not via the MX for the reasons Larry Stone
gives.  What you're looking for is call "SPF" or "DKIM" (these are
actually two different protocols, and I think with the standardization
of DKIM, SPF is probably dead).  The way DKIM works is that hosts
authorized to send mail from a domain are given special resource
records in their DNS which provide a public key, and then some portion
of the mail and/or headers is signed with an appropriate private key.

The problem is that setup is quite finicky, so most hosts not run by
well-paid professionals don't do it.  If all of your users are on
Google or Yahoo, you'll be OK, I guess.

More information about the Mailman-Users mailing list