Stephen J. Turnbull turnbull.stephen.fw at u.tsukuba.ac.jp
Fri Jul 27 00:19:30 EDT 2018

Jordan Brown writes:

 > Well, yeah, but to provide such a service in a way that has any
 > resemblance to being secure, Intuit *must* have some secret that allows
 > it to send mail "from" those subdomains.  If Intuit doesn't need such a
 > secret, then anybody could send mail like that.

Sure, but (1) anyone can send mail like that anyway (and they do), (2)
the customers will (well, should) be checking invoices against their
own purchasing records before they pay, and (3) after the vendor
identifies Intuit as its billing agent, Intuit's own signature will do
the trick.

Securing a small number of own keys that get rotated on a schedule is
one thing; securing a database of others' keys that regularly gets
updated and multiple regular employees need access to is going to be
quite another.


