On 2012-11-13 1:52 AM, Mark Sapiro <m...@msapiro.net> wrote:
If I knew how to tell if a header was spoofed, I could do that, but I don't know how to tell; do you?
Maybe an alternative would be an option that for every message posted to the list, a confirmation email is sent to the members email address, that they then have to click a link to 'approve' sending the message, just like how subscribes/unsubscribes have to confirmed.
Maybe this could even be extended with some kind of way of cahing the source IP of approved messages, so when messages come in with the same sender and from the same IP that has already been approved, those messages go straight through without requiring confirmation?
Not a good option for really high volume lists with lots of members, but for smaller orgs, maybe a viable option?
Just thinking out loud, because this has definitely been a problem on our end (I've even had to set the emergency moderation bit a few times until these idiots stopped spamming the list).
I also just noticed the option under the Privacy > Spam controls in the GUI under 'Legacy anti-spam filters' where I can enter the listname itself, to prevent anyone sending spoofed messages from the list to the list.
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
