[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Grant Taylor gtaylor at tnetconsulting.net
Thu Jul 19 17:37:21 EDT 2018


On 07/19/2018 03:11 PM, John Levine wrote:
> Well, you know, this is what DMARC is intended to address.  While DMARC 
> checks on mail that has passed through mailing lists has all sorts of 
> well known problems, doing DMARC checks on mail that arrives at a list 
> server would be pretty benign.  It's pretty rare for the path from a 
> user to the mailman server to do things that would cause DMARC fails.

Yep, that's what I was referring to.

> If you want to reinvent DMARC, you could add an option to say that all 
> submissions from me must have a DKIM signature or validated SPF from 
> domain X, where X would usually default to the domain in your e-mail 
> address.

I have no desire to reinvent DMARC (or DKIM, SPF, etc.).

I'd argue that it's best to:

1)  Do all the typical DMARC, DKIM, SPF, etc. filtering on email inbound 
to the mail server.
2)  Strip DKIM (related) headers from messages going into Mailman.
3)  ...Mailman w/ DMARC friendly settings...
4)  Apply new DKIM signatures as messages leave the mail server.



-- 
Grant. . . .
unix || die



More information about the Mailman-Users mailing list