On 07/19/2018 11:44 AM, Robert Heller wrote:
All of which can be spoofed.
Yes. Just about everything can be spoofed to some degree. It really depends on what information the owner of the purported sending domain publishes and what filtering / consumption of said information the receiving server exercises.
I personally feel like Mailman, and many other similar things, should sit behind an external / edge SMTP server that does some of the heavy lifting and provides detection of and possibly protection against many spoofs.
Mailman does not make any checks of the "Received:" headers (where the bogosity of the other headers can be determined or can flag messages as containing possibly spoofed headers).
I agree that there is some data in the Received: headers that may indicate a problem. But such information is difficult to consistently / reliably / accurately extract or parse /without/ false positives. It can also be difficult to correlate information across headers and determine what should and should not be allowed. Let's not forget that it's equally easy to spoof Received: headers as it is to spoof other headers. }:-)
-- Grant. . . . unix || die
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
