[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations

John R Levine johnl at taugh.com
Wed Jun 18 03:56:13 CEST 2014


> > OAuth just avoids the need to ask the user directly for her
> > password.  Once you have access to the subscriber's submit server,
> > you can run the decorated message through it to get the mail
> > provider's signature, then remail that.
>
> This is potentially a lot of remailing, though.  Somebody who has been
> posting twice a day to a mailing list with 1000 subscribers suddenly
> goes from 10 outgoing messages a day to 2008.

No, he goes from two to four.  He sends the first original message to the 
list (1) which adds subject tags and footers or whatever, then uses OAuth 
to resend it back to the list to get a new DKIM signature (2), and the 
list then remails that to the thousand subscribers.  He sends the second 
message (3) which is treated the same way (4).

If you have the list set to customize the message per recipient, this hack 
doesn't work.  Do you have any idea how many lists do that?

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

