Re: recent spam to this list
In article <[🔎] E1A8eeOemail@example.com>,
Andreas Metzler <firstname.lastname@example.org> wrote:
>Miquel van Smoorenburg <email@example.com> wrote:
>> You know, there is a difference between Envelope-From (SMTP MAIL FROM:)
>> and whatever you put in the From: header. They don't have to be the same.
>I do know that, but e.g. (closed) mailing-lists check the envelope
Which is arguably broken. The list should allow you to set up
multiple address that you can post from (any many do).
>And it does not help in the first szenario at all (unless you
>think it to be ok that user a receives the bounces for user b).
If you read RFC822 and see the distinction between Sender:
and From: that isn't really as strange as it would seem.
Sure, it isn't as flexible as the current "solution" (impersonate
whoever you want) but that is going to be true of *any*
better solution, alas. And I don't think you can get all users
to sign their e-mail with PGP or use SMTP AUTH exclusively
overnight. You need something that will work in most cases,
without end-user changes, on the current Internet.
This is something that if it breaks, it will most likely be
for the users who know how to fix it.
I don't like SPF much either. I've just come to the conclusion
that it's probably better than nothing.
Never trust a statistic you didn't fake yourself.