[Mailman-Developers] Two more DMARC mitigations

Barry Warsaw barry at list.org
Mon Jun 16 16:12:26 CEST 2014


On Jun 14, 2014, at 10:15 PM, John Levine wrote:

>AOL and Yahoo both have OAUTH APIs, but they are not the same, and I
>see no likelihood that the APIs will converge, or that the next large
>webmail provider to DMARC us will be compatible with either.  But
>everyone has a SUBMIT server.

Mailman has always been about adhering to standards, preferably RFCs, but
de facto standards are acceptable when it makes sense.  OAUTH submission
could make sense, but I'm not in favor of supporting a proliferation of
incompatible hacks.  If this is going to be A Thing, then these webmail
providers need to get together and agree on some standard.  Otherwise, what
Mailman should do IMHO, is support a framework for supporting the feature in
general, and leave it to third parties to support their email providers of
choice.

>At least one of the large providers has told me they plan to do OAUTH
>submission, presumably with long lived tokens, which would greatly
>mitigate the security issues.  It is my impression that if word got
>back that lists were considering doing the submit trick, it would
>motivate them to get OAUTH submission working sooner.

It's the least crappy solution (so far) to a problem of their making, but
please get them to agree on some kind of common API.

-Barry