Sender's address only in Reply-to field

Hi all,

I'm administering a Mailman list using version 2.1.14. It's a private list, whereby only list members can
post to it ("generic_nonmember_action" is set to discard).

I've just had an email sent through the list which was sent from a web service (Evite.com to be precise) by one
of the list members. The email itself had an evite.com address in the From header, and had the list member's
own address in the Reply-To header. The email was accepted by Mailman and delivered to all list members.

This surprised me, as I assumed that a list member's address would have to be in the From field for it to be
accepted, whereas in this case their address was exclusively in the Reply-To field. Is that how it's
supposed to be? Surely Mailman should only consider the From field when checking the identity of the
sender of the email?

Is there any setting in Mailman that will make it only consider the From field and not the Reply-To field when
accepting an email?

Secondly, what's the best or appropriate way for me to then block emails from a third-party sender (such as
Evite) which is using this Reply-To "trick", if I don't want those emails to be delivered to my list?

I tried putting the full evite.com email address into the "discard_these_nonmembers" field on the
[Sender filters] page, but that didn't work. When I tested it afterwards, the email from Evite.com still
was accepted by Mailman and not discarded.

I suppose I could add the Evite address as an actual member, and then mark that member for moderation, but I'd
rather not have to do that. I feel like I ought to be able to just add the Evite address to the discard list and
have it automatically discarded there, or some similar solution. The Membership List page should really
only be used for actual list members.

Regards,