Re: spoofing test

On Sun, Dec 17, 2023 at 10:00:00AM +0200, Regina Obe wrote:

This is not Regina, but Sandro testing if Mailman will prevent spoofing

Interestingly, the header of the email as I received it via mailing
list contained such a nice looking header:

      spf=pass ( domain of "" designates as permitted sender)

This is basically Mailman taking responsibility of the mail it sent out.

I guess the mail should have been rejected by the OSGeo MTA due to
to SPF record for not listing as a valid sender.
This is clearly not happening and I've created a ticket (high priority IMHO)
for dealing with this:

  #3067 (Perform email authenticity checks before accepting them) – OSGeo


  Libre GIS consultant/developer
  strk's services