How ListManager Determines the Identity of the Person

When mail comes into a mailing list for distribution, ListManager looks at the From: header, extracts the email address and looks the email address up in the list of members for that list. If the email addresses match, the message is assumed to be from that member. If they do not match, ListManager rejects the message.

ListManager can also verify the identity of a poster by matching the name with the member's full name, if the option Allow Name Match in Utilities: Administration: Server: Server Settings: Security: Spam Blocking is enabled.

If enabled, ListManager looks that full name up to see if they are a member of the mailing list. If the full name matches, then the posting is assumed to be by that member. ListManager uses this technique to work around a common problem with list managers: if only members are allowed to post and the list manager knows people only by their email address, then people with multiple email addresses will be continually refused the right to post, because their alternate email addresses are not listed as members. Since ListManager matches on the email address, and if that fails, on the full name, in a wide variety of situations it correctly identifies the member and their posting is not refused as being "not from a member of this list".

However, this feature can also let spam or viruses post to the list if the name in the From: field matches the name of any member. Therefore, it is disabled by default.