Re: [OT] Tim, Gil, et. al. (e-mail address settings)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Once upon a time, Bruno Wolff III <bruno@xxxxxxxx> said:
> On Fri, Jul 01, 2016 at 08:16:10 -0500,
>  Chris Adams <linux@xxxxxxxxxxx> wrote:
> >The correct solution is for the mailing list software to be changed to
> >rewrite From: addresses.  Newer versions of Mailman support this.  The
> >address rewriting is annoying, but is the only true solution to being in
> >between sites that publish and honor DMARC policies.
> 
> I disagree. The correct solution is to detect that this is a list
> message and evaluate it some other way. For example the envelope
> sender address could be checked instead of the from address. Some
> signature systems will pass through mailing lists and still be
> verifiable.

At which point, malware makes the same headers to avoid DMARC policies,
and DMARC is useless.  I'm not the biggest fan of DMARC (haven't
implemented it for any of my domains for example), but it is a decent
solution.

> Modying from headers is going to cause problems with replies and it
> really doesn't do anything but flag the message was resent, whivh
> can be figured out with better methods.

There are a bunch of lists already doing it, and newer versions of
Mailman have an option for it.  Basically though, old-school mailing
lists are such a niche market, large-scale mailers just don't care (and
that is not going to change).

> This does solve the spam problem in any case as plenty of spam gets
> sent from places like yahoo and gmail because end users get their
> credentials stolen by spammers a lot.

I know you left out a "not" (as in "does NOT solve"), but nobody claims
DMARC (or anything else) is THE solution.  There are incremental steps,
and malware will always get around some of them in some form or fashion.
Saying something is not a 100% solution so we should give up is just
abandoning traditional email.

Most mailers apply filtering, rate limits, etc. to authenticated email
to cut down on being a source of garbage email (again, not a 100%
solution but a big help).

-- 
Chris Adams <linux@xxxxxxxxxxx>
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux