Re: recent spam to this list

In article <E1A8eeO-00051f-27@mid.downhill.at.eu.org>,
Andreas Metzler  <ametzler@downhill.at.eu.org> wrote:
>Miquel van Smoorenburg <miquels@cistron.nl> wrote:
>> You know, there is a difference between Envelope-From (SMTP MAIL FROM:)
>> and whatever you put in the From: header. They don't have to be the same.
>I do know that, but e.g. (closed) mailing-lists check the envelope

Which is arguably broken. The list should allow you to set up
multiple addresses that you can post from (and many do).

>And it does not help in the first scenario at all (unless you
>think it to be ok that user a receives the bounces for user b).

If you read RFC822 and see the distinction between Sender:
and From: that isn't really as strange as it would seem.

Sure, it isn't as flexible as the current "solution" (impersonate
whoever you want) but that is going to be true of *any*
better solution, alas. And I don't think you can get all users
to sign their e-mail with PGP or use SMTP AUTH exclusively
overnight. You need something that will work in most cases,
without end-user changes, on the current Internet.

This is something that if it breaks, it will most likely be
for the users who know how to fix it.

I don't like SPF much either. I've just come to the conclusion
that it's probably better than nothing.

Never trust a statistic you didn't fake yourself.

