Add new support for disabling From address spoofing.
Review Request #10416 — Created Feb. 18, 2019 and submitted — Latest diff uploaded
When "smart" (DMARC-aware) spoofing of From addresses was added, there
wasn't a mechanism to fully turn off the spoofing behavior. The only
options available were to enable the smart spoofing or to go back to
always spoofing. In commit 62f218d, Brian LeBlanc made an attempt at
fixing this, but it introduced some regressions in behavior, largely due
to the fact that my original design just wasn't built for a "fully
This change corrects that design by deprecating the old
enable_smart_spoofingoption and introducing a new
option. This option can be in one of three modes:
never. The first two are equivalent to the original behavior of
enable_smart_spoofing=True/False, and the third fully disables
spoofing entirely, building a
enable_smart_spoofingoption still remains, and will take
from_spoofingisn't explicitly set by the caller. It retains
the same default, always spoofing, for backwards-compatibility.
Consumers are encouraged to set a better default through the new
from_spoofingargument or the Django setting,
At this time, the old argument will not be emitting a deprecation
notice, given how late we are into the 1.0.x series. Future releases
will begin to emit deprecation notices, and eventually remove the old
Unit tests pass.