On 07/19/2018 02:11 PM, John Levine wrote: > In article <c5d1335d-0762-8a85-3257-239d5e2e4...@spamtrap.tnetconsulting.net> > you write: >> Yes. Just about everything can be spoofed to some degree. It really >> depends on what information the owner of the purported sending domain >> publishes and what filtering / consumption of said information the >> receiving server exercises. > > Well, you know, this is what DMARC is intended to address.
Actually, DMARC is intended to address spoofing of domains and needs to be configured by the domain owner publishing a DMARC policy. DMARC checks won't help prevent posts that spoof a member address unless every list member's domain publishes a DMARC policy of quarantine or reject, and even then it only checks the From: domain and not the domain of other addresses Mailman might use to determine list membership. Further, a post with spoofed local part sent by someone in the same domain might pass DMARC if sent via the domain's servers. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org