[Mailman-Developers] Two more DMARC mitigations
Jim Popovitch
jimpop at gmail.com
Fri Jun 13 04:16:03 CEST 2014
On Thu, Jun 12, 2014 at 10:07 PM, Stephen J. Turnbull
<stephen at xemacs.org> wrote:
> John R Levine writes:
>
> > Honestly, Tough Noogies. Let list managers make their own security
> > decisions.
>
> Revealing a user password is not a list security decision, it's a user
> security decision. Asking users for their passwords is evil, period.
Unless I am mistaking things, the sheer irony here is that Yahoo's
bastardized version of DMARC, which is necessary to stave off
collateral damage from their past security breach(es?), needs to be
further augmented with even less user security in order to be secure.
O.o Man that boggles the mind.
-Jim P.
More information about the Mailman-Developers
mailing list