[Mailman-Users] non-subscribers getting through--email address in "Real Name"
Grant Taylor
gtaylor at tnetconsulting.net
Sun Jul 22 17:11:47 EDT 2018
On 07/22/2018 02:03 PM, John Levine wrote:
> No, it was specified in full knowledge that it would break pretty much
> every mailing list on the planet if used on domains with human users,
> instead of its intended target of notices from robot domains like
> paypal.com.
I choose to believe the mailing lists were behaving improperly.
To me, DMARC (including SPF and DKIM) is a method to determine if a
message is coming from the original source (or authorized delegate).
Where email is a combination of the message data and SMTP transaction
delivering said message.
> That's why we have ARC, once AOL and Yahoo abused it to solve the problem
> they created when they let crooks steal their users' address books.
I assume you are referring to "DMARC" when you say "…abused /it/ to solve…".
I feel like AOL's and Yahoo's actions are just additional gas on the
fire that has been burning for a long time. The problem of bad actors
spoofing message senders exists independently of AOL and Yahoo. Did
their (in)actions make the problem worse, probably. Did they cause the
problem? No. Did they exceed critical mass? I don't think so. Rather
I think it was past the critical mass long before AOL and Yahoo fueled
the fire.
--
Grant. . . .
unix || die
More information about the Mailman-Users
mailing list