On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote: > Is it that difficult to spoof an e-mail address and post pretending > from there? The current email systems don't have any way to enforce correct identification of a sender. So you can write (almost) whatever you like in the "from" address header. It may have to be potentially valid, depending on the checks done by a mail server, but they only check that the address is well-formed, not whether it's actually correct. There are some ISPs who write their member's ID into the headers of all their mail as it goes through their SMTP server, but that's not really a regular feature of email, and it can be faked by someone else who's ISP doesn't do that. The only way a list server could enforce that the real subscriber posted, would be to insist that all posts be signed with an encryption key that's known to the server. That might be a good idea with some mailing lists for people who aren't trying to resolve a problem with their computer, but a bad idea for a list where not-so-tech-savvy people come looking for help. > > I think the Fedora list may allow posts from unsubscribed individuals. It doesn't. Those of us with multiple email accounts who've accidentally sent a post using the wrong address can attest that the message doesn't get through. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
