[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Matt Morgan minxmertzmomo at gmail.com
Thu Jul 19 18:55:03 EDT 2018

BTW I'm kind of flummoxed that in Mark's mail he sees the
jgl at johngreenwaltlee.com address, because that's exactly what I deleted and
replaced with the obfuscated "xxxjohnxxx.com." In what I wrote, that real
email address *did not appear*. !@#$% gmail.

On Thu, Jul 19, 2018 at 6:51 PM, Matt Morgan <minxmertzmomo at gmail.com> wrote:

> Thanks, everyone, for the thoughtful comments on my tiny little spam
> problem! I've returned from my day job and will look at Mark's diagnosis
> suggestions.
>
> Best,
> Matt
>
> On Thu, Jul 19, 2018 at 6:43 PM, John Levine <johnl at taugh.com> wrote:
>> In article <1ca714d0-da89-aa23-d247-4faa2133b591 at msapiro.net> you write:
>> >DMARC checks won't help prevent posts that spoof a member address unless
>> >every list member's domain publishes a DMARC policy of quarantine or
>> >reject, and even then it only checks the From: domain and not the domain
>> >of other addresses Mailman might use to determine list membership.
>> >
>> >Further, a post with spoofed local part sent by someone in the same
>> >domain might pass DMARC if sent via the domain's servers.
>>
>> That's all true, and if you want bullet proof spoof resistance, you'd
>> have to register PGP or S/MIME keys for the subscriber and require
>> that she sign all her mail.
>>
>> On the other hand, a lot of domains do DKIM signing or publish SPF,
>> and the vast majority of fake From: headers I see are from botnets,
>> not malicious users down the hall from the victim.  So if someone is
>> experiencing a lot of botnet spoofage, a setting to say that a user's
>> mail will be authenticated by SPF or DKIM from domain X would get you
>> about 90% of the effect of S/MIME signing everything with 10% of the
>> grief.
>>
>> R's,
>> John
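
The two points quoted above, that a DMARC check only looks at the From: domain and that a per-member "authenticated by SPF or DKIM from domain X" setting would stop most botnet spoofing, can be sketched as follows. This is an added example, not part of the thread and not Mailman code. The authserv-id, the set of headers matched against the membership, the `REQUIRED` mapping and the exact-domain comparison (instead of DMARC's relaxed alignment) are all assumptions, and the sample posts are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

TRUSTED_AUTHSERV = "mx.list.example"             # assumption: our own MTA's authserv-id
SENDER_HEADERS = ("From", "Reply-To", "Sender")  # assumption: headers matched against members
# Hypothetical per-member setting: address -> domain X that must authenticate the mail
REQUIRED = {"alice@member.example": "member.example"}

def authenticated_domains(msg):
    """Domains with spf=pass or dkim=pass in Authentication-Results from our own MTA."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [" ".join(p.split()) for p in value.split(";")]
        if parts[0].split(" ")[0].lower() != TRUSTED_AUTHSERV:
            continue  # header added by someone else; a sender can forge these
        for clause in parts[1:]:
            m = (re.match(r"dkim=pass\b.*\bheader\.d=([\w.-]+)", clause, re.I)
                 or re.match(r"spf=pass\b.*\bsmtp\.mailfrom=(?:[^\s@]+@)?([\w.-]+)", clause, re.I))
            if m:
                domains.add(m.group(1).lower())
    return domains

def decide(raw):
    """Return (action, reason) for one post, checking every header that matched a member."""
    msg = message_from_string(raw)
    authed = authenticated_domains(msg)
    matched = [(h, addr.lower()) for h in SENDER_HEADERS
               for _name, addr in getaddresses(msg.get_all(h, []))
               if addr.lower() in REQUIRED]
    if not matched:
        return ("hold", "no member address found")
    for header, addr in matched:
        if REQUIRED[addr] not in authed:
            return ("hold", f"{header}: {addr} matched but {REQUIRED[addr]} did not authenticate")
    return ("accept", "member domain authenticated")

# Constructed sample posts (not taken from the thread)
GENUINE = ("Authentication-Results: mx.list.example; dkim=pass header.d=member.example\n"
           "From: Alice <alice@member.example>\n\nhi\n")
BOTNET = ("Authentication-Results: mx.list.example; spf=pass smtp.mailfrom=bot.example\n"
          "From: Alice <alice@member.example>\n\nspam\n")
REPLY_TO = ("Authentication-Results: mx.list.example; dkim=pass header.d=bot.example\n"
            "From: x@bot.example\nReply-To: alice@member.example\n\nspam\n")
FORGED_AR = ("Authentication-Results: mx.bot.example; dkim=pass header.d=member.example\n"
             "From: alice@member.example\n\nspam\n")

if __name__ == "__main__":
    for raw in (GENUINE, BOTNET, REPLY_TO, FORGED_AR):
        print(decide(raw))
```

In the `REPLY_TO` sample the From: domain authenticates for itself, so a From:-only DMARC check would pass, yet the member address that matched was never authenticated. The receiving MTA must also strip or overwrite incoming Authentication-Results headers that carry its own authserv-id, or the trust check in `authenticated_domains` can be bypassed.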
