Greg Stark wrote:

> Hm, I see it as a reason why signing Sender is reasonable. If it were
> a functional header then there might be a reason it would have to be
> changed. But if it's purely informational and the receiving MUA is
> going to display to the user (which is a bad idea imho but Gmail and
> Exchange both do it) then it makes sense to expect some authentication
> for it. I think the thinking is basically "sign everything we're going
> to present to the user phishers can't claim to be someone they're
> not". In which case it's fairly important that things like Sender be
> signed. Or that everyone agree it's just a useless header and stop
> sending or displaying it.

As the recipient of most -owner addresses, I would be glad to stop
munging Sender.  For some reason, some mailers record that as the
address of the mailing list in the user's addressbook; so if in the
future they send emails to the list, they end up in my mailbox instead
of posted.

> One idea might be to add a script to check a user's domain for
> p=reject and send them a warning when subscribing (or sending mail to
> the list?) warning them of the problem.

I don't think that's going to be anything but unwelcome noise.  What
would they do if they became aware of the issue?  They could switch
providers, but that only works for so long.  As soon as Gmail switches
to p=reject, we've lost.  We got away with doing it for Yahoo because
there's not a lot of people using that -- not on these lists anyway.

Álvaro Herrera      
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to