Anthony R. Thompson writes:

 > It doesn't seem to me like someone should be able to post a message to a 
 > private list just by changing the Reply-To field to an address they know 
 > is on the private list.

Sure, but there's nothing you can do about that since anything in
email that can be used to identify the member can be spoofed in the
same way.  For some senders you can use DKIM or something like it to
authenticate the headers, but even then not all sites implement DKIM.

Traditional email is inherently insecure in this way.  It's possible
to take various measures, but the stronger they are the more likely
they are to prevent some of your intended users from getting or
posting messages.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
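
The DKIM check mentioned in the reply above, sketched as an added example (not part of the original post and not Mailman code). It assumes the receiving MTA records DKIM results in an `Authentication-Results` header and strips incoming copies that carry its own authserv-id; the member list, the host name `mx.lists.example`, and the choice to judge only the `From` address are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

MEMBERS = {"alice@example.org", "bob@example.net"}  # constructed member list
TRUSTED_AUTHSERV = "mx.lists.example"  # assumed authserv-id of our own MTA

def dkim_pass_domains(msg):
    """Return d= domains with dkim=pass, as reported by our own MTA only."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        head = parts[0].split()
        if not head or head[0].lower() != TRUSTED_AUTHSERV:
            continue  # written by some other host, so it proves nothing
        for result in parts[1:]:
            tokens = result.split()
            if tokens and tokens[0].lower() == "dkim=pass":
                domains.update(t[9:].lower() for t in tokens[1:]
                               if t.lower().startswith("header.d="))
    return domains

def decide(raw):
    """Accept only member posts whose From domain has a matching DKIM pass."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in MEMBERS:
        return "hold: not a member"
    if sender.rpartition("@")[2] in dkim_pass_domains(msg):
        return "accept"
    return "hold: member address, no aligned DKIM pass"

# Constructed sample messages.
SIGNED = ("Authentication-Results: mx.lists.example;\n"
          " dkim=pass header.d=example.org header.s=sel1\n"
          "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n")
FOREIGN_AR = ("Authentication-Results: other.example; dkim=pass header.d=example.org\n"
              "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n")
UNSIGNED = "From: Bob <bob@example.net>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("foreign A-R", FOREIGN_AR),
                      ("unsigned", UNSIGNED)):
        print(name, "->", decide(raw))
```

The `UNSIGNED` message stands for a genuine member whose site does not sign with DKIM: it is held for moderation along with any spoofed post, which is the trade-off the reply describes.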