[Mailman-Users] non-subscribers getting through--email address in "Real Name"
Mark Sapiro
mark at msapiro.net
Thu Jul 19 17:40:12 EDT 2018
On 07/19/2018 02:11 PM, John Levine wrote:
> In article <c5d1335d-0762-8a85-3257-239d5e2e46d6 at spamtrap.tnetconsulting.net> you write:
>> Yes. Just about everything can be spoofed to some degree. It really
>> depends on what information the owner of the purported sending domain
>> publishes and what filtering / consumption of said information the
>> receiving server exercises.
>
> Well, you know, this is what DMARC is intended to address.
Actually, DMARC is intended to address spoofing of domains and needs to
be configured by the domain owner publishing a DMARC policy.
DMARC checks won't help prevent posts that spoof a member address unless
every list member's domain publishes a DMARC policy of quarantine or
reject, and even then it only checks the From: domain and not the domain
of other addresses Mailman might use to determine list membership.
Further, a post with spoofed local part sent by someone in the same
domain might pass DMARC if sent via the domain's servers.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list