BTW I'm kind of flummoxed that in Mark's mail he sees the j...@johngreenwaltlee.com address, because that's exactly what I deleted and replaced with the obfuscated "xxxjohnxxx.com." In what I wrote, that real email address *did not appear*. !@#$% gmail.
On Thu, Jul 19, 2018 at 6:51 PM, Matt Morgan <minxmertzm...@gmail.com> wrote: > Thanks, everyone, for the thoughtful comments on my tiny little spam > problem! I've returned from my day job and will look at Mark's diagnosis > suggestions. > > Best, > Matt > > On Thu, Jul 19, 2018 at 6:43 PM, John Levine <jo...@taugh.com> wrote: > >> In article <1ca714d0-da89-aa23-d247-4faa2133b...@msapiro.net> you write: >> >DMARC checks won't help prevent posts that spoof a member address unless >> >every list member's domain publishes a DMARC policy of quarantine or >> >reject, and even then it only checks the From: domain and not the domain >> >of other addresses Mailman might use to determine list membership. >> > >> >Further, a post with spoofed local part sent by someone in the same >> >domain might pass DMARC if sent via the domain's servers. >> >> That's all true, and if you want bullet proof spoof resistance, you'd >> have to register PGP or S/MIME keys for the subscriber and require >> that she sign all her mail. >> >> On the other hand, a lot of domains do DKIM signing or publish SPF, >> and the vast majority of fake From: headers I see are from botnets, >> not malicious users down the hall from the victim. So if someone is >> experiencing a lot of botnet spoofage, a setting to say that a user's >> mail will be authenticated by SPF or DKIM from domain X would get you >> about 90% of the effect of S/MIME signing everything with 10% of the >> grief. >> >> R's, >> John >> ------------------------------------------------------ >> Mailman-Users mailing list Mailman-Users@python.org >> https://mail.python.org/mailman/listinfo/mailman-users >> Mailman FAQ: http://wiki.list.org/x/AgA3 >> Security Policy: http://wiki.list.org/x/QIA9 >> Searchable Archives: http://www.mail-archive.com/ma >> ilman-users%40python.org/ >> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/minxme >> rtzmomo%40gmail.com >> > > ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org