[Mailman-Developers] Two more DMARC mitigations
Stephen J. Turnbull
stephen at xemacs.org
Fri Jun 13 06:46:17 CEST 2014
Jim Popovitch writes:
> Unless I am mistaking things, the sheer irony here is that Yahoo's
> bastardized version of DMARC, which is necessary to stave off
> collateral damage from their past security breach(es?), needs to be
> further augmented with even less user security in order to be secure.
I don't see why the OAuth version of John's proposal would be less
secure.
If you want real irony, look no farther than Yahoo! Groups' From:
header field. Yahoo! is using DMARC to get "yahoo.com" out of the
From: field in list traffic, and Groups is putting it right back in.
More information about the Mailman-Developers
mailing list