[Mailman-Developers] Two more DMARC mitigations
John R Levine
johnl at taugh.com
Mon Jun 16 17:33:05 CEST 2014
> Mailman has always been about adhering to standards, preferably RFCs, but
> de facto standards are acceptable when it makes sense. OAUTH submission
> could make sense, but I'm not in favor of a supporting a proliferation of
> incompatible hacks. If this is going to be A Thing, then these webmail
> providers need to get together and agree on some standard.
Well, yeah. They all do SUBMIT. I understand the security issue of
submission with a password, but it's the only thing that consistently
works.
>> At least one of the large providers has told me they plan to do OAUTH
>> submission, presumably with long lived tokens, which would greatly
>> mitigate the security issues.
I'm trying to track down what's actually going on here. It's SUBMIT
either way, so everything in the code except the way that authorization is
sent to the SUBMIT server is the same.
Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
More information about the Mailman-Developers
mailing list