On Sat, August 9, 2008 01:29, Greg Freemyer wrote:
The trouble is with the mailinglist forwarding the address, google does not have enough information to know where the email originated.
So, if I were a spammer, I would fake the headers to look like the email was being forwarded by a site like opensuse.
So now it looks like the listserve server needs to:
1) Check for valid info on receipt to ignore spoofed email 2) Provide valid info on send to allow recipients to validate the sender.
I was thinking the same thing too. But what if a spammer also the headers of the listserve server too? In theory *and* in practice, any mail header can be forged, including the routing headers (the From: headers). The spam server can send email to Google, claiming to be just an innocent forwarding server, with fake listserver and routing headers. Google can 't tell the difference! This can only be fixed if the opensuse mailserver uses SPF, so Gmail can check that the spamserver isn't allowed to send email on behalf of opensuse. And even then it's not foolproof. SPF is always recommended as only one of many factors to determine if email is unwanted. It's not an absolute judgement. -- Amedee -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org