In article <[email protected]> you write: >Yes. Just about everything can be spoofed to some degree. It really >depends on what information the owner of the purported sending domain >publishes and what filtering / consumption of said information the >receiving server exercises.
Well, you know, this is what DMARC is intended to address. While DMARC checks on mail that has passed through mailing lists has all sorts of well known problems, doing DMARC checks on mail that arrives at a list server would be pretty benign. It's pretty rare for the path from a user to the mailman server to do things that would cause DMARC fails. If you want to reinvent DMARC, you could add an option to say that all submissions from me must have a DKIM signature or validated SPF from domain X, where X would usually default to the domain in your e-mail address. R's, John ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
