[Mailman-Users] Bad email for requests or subscription attempts possible

Wed, 14 Apr 2021 23:01:06 -0700 

Bader, Robert (Bob) writes:

 > I think I have a situation where someone is sending email to one of
 > my lists request address ie
 > (lista-reque...@domain.com<mailto:lista-reque...@domain.com>) from
 > an invalid email address (maybe spoofing the sending address). Or
 > they may be able to trying to subscribe and entering an invalid
 > email address on the wbesite.
 > 
 > So what happens is the list admins gets a bunch of bounces.  What
 > is the best way to stop this?

I'm sorry, but dealing with the first one is what list admins are for.
Sorting these things out requires human intelligence.  Banning helps,
though:

 > If I add an email to the ban section for a list, will mailman drop
 > any email or requests from them if they are spoofing as a sender or
 > trying to subscribe?

I'm not sure what you're asking, so let me go into perhaps more detail
than you want.  Bottom Line Up Front: Banning such addresses will make
your life better.  I'm pretty sure it does what you want (except it
can't filter out the *first* obnoxious attempt :-( ).

1.  Mailman does not check for spoofing.  In theory, the best that can
    be done is to check for From alignment of the domain in From with
    a DKIM signature, but there's no reasonable way to do it for web
    subscriptions.  Worse, using DKIM to authenticate subscription or
    posting addresses is likely to cause more problems than it solves
    because users are very commonly posting or accessing the web from
    somewhere other than their nominal domain.

2.  In principle, attempts to subscribe or post from a banned email
    address are discarded with extreme prejudice.  For posting, you'd
    have to ask Mark about how this interacts with situations where
    some of the envelope sender, Sender field, and From field are
    *not* the banned address.

HTH

Steve

------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/

Reply via email to