Ronald F Guilmette <rfg @
> So... What specialized headers are inserted into outgoing mailing list
> traffic by commonly used mailing list daemons?
qmail and its associated mailing list package is probably the most
advanced in this regard; it inserts a Mailing-List header that identifies
the originating mailing list for all traffic, including administrative
traffic, and then refuses to accept any requests that contain a
qmail with ezlm, or qmail with majordomo and my mjinject mail sending
script (as opposed to having majordomo use the standard sendmail emulation
that qmail provides) adds a Delivered-To header pointing to the list
address, which will prevent qmail from accepting the same message again
for the same list (qmail will reject any message if delivering it would
create a duplicate Delivered-To header). This, of course, relies on the
other mailing list not stripping arbitrary headers from messages when
> I am most particularly interested in getting more information about the
> Sender: and X-Sender: headers, since I have noticed that one or the
> other of these frequently appear in mailing list traffic. Which list
> manager packages create these?
A standard configuration of majordomo will add a Sender header pointing to
the list owner address, which is conventionally owner-listname or
listname-owner but could be whatever the person running the list so
desires. Most listproc and listserv lists that I've been on also add
Sender headers, but I'm not familiar with the content they generally use.
SmartList, a list management package that works with procmail, adds a
Resent-Sender header; I'm not sure what other headers it adds, but that's
the one that seems to be reliable and the one that I use for mail
> Is there anything approximating a standard with regard to the usage of
> these particular headers in conjunction with mailing lists in
Not overly much so, although looking at my mail splitting rules for
identifying mail from mailing lists, nearly every one of them is keying on
Sender for a string that's either owner-listname or listname-owner.
Note that in attempting to secure mailing lists against these sorts of
attacks, you do have to allow for a configuration where smaller sub-lists
are subscribed to a main list; this is commonly used to optimize
distribution for extremely large lists, and despite the fact that it does
cause a number of management headaches, it's also pretty much a necessity
in some circumstances.
Russ Allbery (rra @