[Mailman-Users] Replies from non-members getting posted to list set to allow posts by subscribers only

Stephen J. Turnbull stephen at xemacs.org
Tue Jun 22 13:37:40 CEST 2010

Anthony R. Thompson writes:

 > It doesn't seem to me like someone should be able to post a message to a 
 > private list just by changing the Reply-To field to an address they know 
 > is on the private list.

Sure, but there's nothing you can do about that since anything in
email that can be used to identify the member can be spoofed in the
same way.  For some senders you can use DKIM or something like it to
authenticate the headers, but even then not all sites implement DKIM.

Traditional email is inherently insecure in this way.  It's possible
to take various measures, but the stronger they are the more likely
they are to prevent some of your intended users from getting or
posting messages.
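
The trade-off described in this message, as an added example (not part of the original post and not Mailman's own code): a member-only gate that looks only at `From` and accepts a post only when the receiving MTA recorded a DKIM pass for exactly that domain. The roster, the authserv-id `mx.lists.example`, the sample messages and the simplified `Authentication-Results` parsing are all constructed assumptions.

```python
import email
from email.utils import parseaddr

MEMBERS = {"alice@example.org", "bob@example.net"}  # constructed roster
TRUSTED_AUTHSERV = "mx.lists.example"  # hypothetical authserv-id of the list's own MTA

def dkim_pass_domains(msg):
    """Return d= domains with dkim=pass, read only from results our own MTA wrote."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in value.split(";")]
        # Assumption: the MTA strips inbound headers that claim its own authserv-id.
        if not parts[0] or parts[0][0].lower() != TRUSTED_AUTHSERV:
            continue  # written by someone else, possibly the sender: ignore
        for tokens in parts[1:]:
            if tokens and tokens[0].lower() == "dkim=pass":
                domains.update(t[9:].lower() for t in tokens[1:]
                               if t.lower().startswith("header.d="))
    return domains

def decide(raw):
    """Accept only when From is a member and its exact domain has a DKIM pass."""
    msg = email.message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()  # Reply-To/Sender never consulted
    if addr not in MEMBERS:
        return "hold: From is not a member"
    if addr.rpartition("@")[2] in dkim_pass_domains(msg):
        return "accept"
    return "hold: member address not authenticated"

def build(frm, auth=None, reply_to=None):
    # Helper that assembles a constructed sample message.
    lines = ["From: " + frm, "To: list@lists.example", "Subject: test"]
    if auth:
        lines.append("Authentication-Results: " + auth)
    if reply_to:
        lines.append("Reply-To: " + reply_to)
    return "\n".join(lines) + "\n\nbody\n"

OURS = TRUSTED_AUTHSERV + "; dkim=pass header.d="
SAMPLES = {
    "signed member": build("alice@example.org", OURS + "example.org"),
    "member only in Reply-To": build("mallory@elsewhere.example", OURS + "elsewhere.example", "alice@example.org"),
    "member From, other domain signed": build("alice@example.org", OURS + "elsewhere.example"),
    "sender-supplied result header": build("alice@example.org", "mx.sender.example; dkim=pass header.d=example.org"),
    "member whose site does not sign": build("bob@example.net"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:34} -> {decide(raw)}")
```

The last sample is the cost the message points out: a genuine member whose site does not sign mail is held along with the forgeries.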

