[Mailman-Developers] Two more DMARC mitigations

John R Levine johnl at taugh.com
Fri Jun 13 00:11:43 CEST 2014


> > When a user at a p=reject signs up for a list, you demand an OAUTH API
> > token if the provider supports it, otherwise their host system
> > password.
>
> -1 on the password thing.  It's too close to phishing, imposes serious
> privacy issues on Mailman hosts, and makes them targets for attack.

Honestly, Tough Noogies.  Let list managers make their own security 
decisions.  AOL and Yahoo want all mail from their users to be 
authenticated.  Well, OK, this will do it.

> I'm fine with annoying the hell out of Yahoo! and AOL users with an
> OAuth request on every post.

My Yahoo contact tells me they eventually plan to do OAuth submission 
which should have long-lived tokens.  But in the meantime, the submit hack 
should work everywhere.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

