:: Re: [DNG] Reply-To in this list
Top Page
Delete this message
Reply to this message
Author: KatolaZ
Date:  
To: dng
Subject: Re: [DNG] Reply-To in this list
On Sun, Sep 02, 2018 at 07:52:52AM +0200, J. Fahrner wrote:
> Am 2018-09-02 02:27, schrieb Hendrik Boom:
> > If I'm away from home and post using my mobile, I still often want the
> > reply to go to my home site, which is *not* in the cloud.
>
> But then, I assume, it is not a freemail address.
>
> Nowadays lots of spam is sent through freemailers using a disposable email
> address and a reply-to to a different freemail address. Since you cannot
> block the whole google and yahoo mail servers, the only way to reject such
> spam is by the reply-to header.
>


That's not actually the only way to reject such spam, just a very weak
one. You should instead allow emails that come genuinely from a
trusted mailing list (e.g., by looking at the Received: and List-*
headers), since this list is restricted to confirmed subscribers.

The Reply-To: header is not compulsory, and can be set to
anything, so relying on it is just useless, IMHO.

You should not assume anything about the preferences of the sender.
It's like requiring anybody who wants to send you a snail mail to
include also a valid return address that corresponds to the place
where they live. You are free to dump any letter that does not abide
to your "requirement", without even opening it. But (apart from the
fact that the sender can easily fake that information) you can't ask
the post office that received such a letter to include its own address
as a "valid" return address.

This is more or less what you are asking by requiring that Mailman
sets the Reply-To to the mailing list address. And this is quite
silly, since the email you receive can still be spam independently of
the existence and value of any Reply-To: header.

The emails you receive from this list already have a valid "stamp": it
is in the Received: and List-*: headers. They confirm that the email
was actually managed by the MTA that serves this list. But cannot
guarantee much about the original sender (except that it genuinely is
a confirmed subscriber to this list) or about the content of the
message (except for the fact that the spam filter seems to be doing a
decent job at rejecting real spam).

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]