It finally occurred to me that this affects routine forwarding too. Even if
you implement SRS on the envelope, the header From is left alone, as per
RFC 5322.
It also affects a message from any of our users who authenticates with our
user and password but prefers to send with a yahoo.com From line.
To sum it up, any message with a yahoo.com header From is poison unless you
can deliver it locally to your own systems. This simplifies matters, since
it means a milter should check for any outgoing message with /yahoo.com/ in
the From. The simplest action to implement would be to bounce.
I'm still pondering implementation.
That some other domain might implement the same approach as yahoo is a good
point. It is best to generalize a problem.*
*unless you're selling updates to virus signatures!
Joseph Brennan
Manager, Email and Systems Applications
Columbia University Information Technology
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
