-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Feb 9, 2009, at 5:47 AM, Ian Eiloart wrote:
I agree that the use of USE_ENVELOPE_SENDER as an anti-spoof is
outdated, particularly because it doesn't even come into play for
the
member/nonmember decision.
Strike three. :)
Our LMTP code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Feb 9, 2009, at 5:43 AM, Ian Eiloart wrote:
I'm not sure whether I do use it, but I think I should.
Most of our list users are in our own domain. That domain certainly
is less spoofable in the envelope, because we don't accept mail from
our
