Thanks, everyone, for the thoughtful comments on my tiny little spam problem! I've returned from my day job and will look at Mark's diagnosis suggestions.
Best, Matt On Thu, Jul 19, 2018 at 6:43 PM, John Levine <jo...@taugh.com> wrote: > In article <1ca714d0-da89-aa23-d247-4faa2133b...@msapiro.net> you write: > >DMARC checks won't help prevent posts that spoof a member address unless > >every list member's domain publishes a DMARC policy of quarantine or > >reject, and even then it only checks the From: domain and not the domain > >of other addresses Mailman might use to determine list membership. > > > >Further, a post with spoofed local part sent by someone in the same > >domain might pass DMARC if sent via the domain's servers. > > That's all true, and if you want bullet proof spoof resistance, you'd > have to register PGP or S/MIME keys for the subscriber and require > that she sign all her mail. > > On the other hand, a lot of domains do DKIM signing or publish SPF, > and the vast majority of fake From: headers I see are from botnets, > not malicious users down the hall from the victim. So if someone is > experiencing a lot of botnet spoofage, a setting to say that a user's > mail will be authenticated by SPF or DKIM from domain X would get you > about 90% of the effect of S/MIME signing everything with 10% of the > grief. > > R's, > John > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users@python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/ > mailman-users%40python.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-users/ > minxmertzmomo%40gmail.com > ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
