On 07/19/2018 03:11 PM, John Levine wrote:
Well, you know, this is what DMARC is intended to address. While DMARC
checks on mail that has passed through mailing lists has all sorts of
well known problems, doing DMARC checks on mail that arrives at a list
server would be pretty benign. It's pretty rare for the path from a
user to the mailman server to do things that would cause DMARC fails.
Yep, that's what I was referring to.
If you want to reinvent DMARC, you could add an option to say that all
submissions from me must have a DKIM signature or validated SPF from
domain X, where X would usually default to the domain in your e-mail
address.
I have no desire to reinvent DMARC (or DKIM, SPF, etc.).
I'd argue that it's best to:
1) Do all the typical DMARC, DKIM, SPF, etc. filtering on email inbound
to the mail server.
2) Strip DKIM (related) headers from messages going into Mailman.
3) ...Mailman w/ DMARC friendly settings...
4) Apply new DKIM signatures as messages leave the mail server.
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
