[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Phil Stracchino phils at caerllewys.net
Thu Jul 19 18:59:59 EDT 2018

On 07/19/18 17:11, John Levine wrote:
> In article <c5d1335d-0762-8a85-3257-239d5e2e46d6 at spamtrap.tnetconsulting.net> you write:
>> Yes.  Just about everything can be spoofed to some degree.  It really 
>> depends on what information the owner of the purported sending domain 
>> publishes and what filtering / consumption of said information the 
>> receiving server exercises.
> Well, you know, this is what DMARC is intended to address.  While
> DMARC checks on mail that has passed through mailing lists has all
> sorts of well known problems, doing DMARC checks on mail that arrives
> at a list server would be pretty benign.  It's pretty rare for the
> path from a user to the mailman server to do things that would cause
> DMARC fails.

Actually, mailing lists and other redistribution are among the places
DMARC notably breaks.  The real answer, which was created for this
purpose, is ARC (Authenticated Received Chain).  That is designed from
the start to pass through mailing lists unbroken.

(Or so I'm told.)

  Phil Stracchino
  Babylon Communications
  phils at caerllewys.net
  phil at co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958

More information about the Mailman-Users mailing list