[Mailman-Users] non-subscribers getting through--email address in "Real Name"
Grant Taylor
gtaylor at tnetconsulting.net
Thu Jul 19 17:37:21 EDT 2018
On 07/19/2018 03:11 PM, John Levine wrote:
> Well, you know, this is what DMARC is intended to address. While DMARC
> checks on mail that has passed through mailing lists has all sorts of
> well known problems, doing DMARC checks on mail that arrives at a list
> server would be pretty benign. It's pretty rare for the path from a
> user to the mailman server to do things that would cause DMARC fails.
Yep, that's what I was referring to.
> If you want to reinvent DMARC, you could add an option to say that all
> submissions from me must have a DKIM signature or validated SPF from
> domain X, where X would usually default to the domain in your e-mail
> address.
I have no desire to reinvent DMARC (or DKIM, SPF, etc.).
I'd argue that it's best to:
1) Do all the typical DMARC, DKIM, SPF, etc. filtering on email inbound
to the mail server.
2) Strip DKIM (related) headers from messages going into Mailman.
3) ...Mailman w/ DMARC friendly settings...
4) Apply new DKIM signatures as messages leave the mail server.
--
Grant. . . .
unix || die
More information about the Mailman-Users
mailing list