[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Grant Taylor gtaylor at tnetconsulting.net
Sun Jul 22 17:11:47 EDT 2018


On 07/22/2018 02:03 PM, John Levine wrote:
> No, it was specified in full knowledge that it would break pretty much 
> every mailing list on the planet if used on domains with human users, 
> instead of its intended target of notices from robot domains like 
> paypal.com.

I choose to believe the mailing lists were behaving improperly.

To me, DMARC (including SPF and DKIM) is a method to determine if a 
message is coming from the original source (or authorized delegate). 
Where email is a combination of the message data and SMTP transaction 
delivering said message.

> That's why we have ARC, once AOL and Yahoo abused it to solve the problem 
> they created when they let crooks steal their users' address books.

I assume you are referring to "DMARC" when you say "…abused /it/ to solve…".

I feel like AOL's and Yahoo's actions are just additional gas on the 
fire that has been burning for a long time.  The problem of bad actors 
spoofing message senders exists independently of AOL and Yahoo.  Did 
their (in)actions make the problem worse, probably.  Did they cause the 
problem?  No.  Did they exceed critical mass?  I don't think so.  Rather 
I think it was past the critical mass long before AOL and Yahoo fueled 
the fire.



-- 
Grant. . . .
unix || die



More information about the Mailman-Users mailing list