[Mailman-Users] non-subscribers getting through--email address in "Real Name"

John Levine johnl at taugh.com
Sat Jul 21 16:22:44 EDT 2018

In article <dedbcda0-7399-d932-c2b9-e784f73daeb1 at caerllewys.net> you write:
>On 07/19/18 17:11, John Levine wrote:
>> In article <c5d1335d-0762-8a85-3257-239d5e2e46d6 at spamtrap.tnetconsulting.net> you write:
>>> Yes.  Just about everything can be spoofed to some degree.  It really 
>>> depends on what information the owner of the purported sending domain 
>>> publishes and what filtering / consumption of said information the 
>>> receiving server exercises.
>> Well, you know, this is what DMARC is intended to address.  While
>> DMARC checks on mail that has passed through mailing lists has all
>> sorts of well known problems, doing DMARC checks on mail that arrives
>> at a list server would be pretty benign.  It's pretty rare for the
>> path from a user to the mailman server to do things that would cause
>> DMARC fails.
>Actually, mailing lists and other redistribution are among the places
>DMARC notably breaks.  The real answer, which was created for this
>purpose, is ARC (Authenticated Received Chain).  That is designed from
>the start to pass through mailing lists unbroken.
>(Or so I'm told.)

You missed a key point.  I was suggesting DMARC-ish checks on mail *to* a
maiing list, where they should work fine.  Mail *from* a mailing list is
indeed screwed up by DMARC which is why I've been working on ARC libraries.


More information about the Mailman-Users mailing list