[Mailman-Users] Spoofed spam problem
mailman at 16bits.net
Sat Sep 15 16:00:13 EDT 2018
On 2018-09-13 at 10:45 +0100, Clare via Mailman-Users wrote:
> For the time being I've set this address to be moderated. I'm not always
> able to deal with moderation queue promptly so is there something I can do
> to catch these messages before they get through?
Are you checking SPF?
a) the domain of your member publishes a SPF policy.
b) this policy is a FAIL one (ie. -all)
c) your members don't send emails violating their SPF policy (eg.
because it is malformed)
d) your mail server is checking SPF and rejecting spoofed emails
Then spoofed emails would be rejected before being delivered to mailman.
You may find that (b) is missing, that the domain is using a weaker SPF
policy, like SOFTFAIL, and at the same time you may not want to reject
anything with "just" a softfail. In this case, depending on how it is
logged (eg. authentication-results header), you can probably set a
mailman rule to filter the softfails for that domain at this mailman
OTOH if they fail points (a) or (c) I feel it's ok to held their
messages for moderation until they (their provider) provides a proper
SPF policy allowing to tell legit and spoofed messages apart.
More information about the Mailman-Users