[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations
Stephen J. Turnbull
stephen at xemacs.org
Wed Jun 18 03:34:26 CEST 2014
John Levine writes:
>> Thinking about it this way, I'm not really sure what's being
>> considered for DMARC, ...
>
> Nothing specifically for DMARC.
Yeah, I got that far.
> OAuth just avoids the need to ask the user directly for her
> password. Once you have access to the subscriber's submit server,
> you can run the decorated message through it to get the mail
> providers's signature, then remail that.
This is potentially a lot of remailing, though. Somebody who has been
posting twice a day to a mailing list with 1000 subscribers suddenly
goes from 10 outgoing messages a day to 2008. I suppose this is just
a drop in the bucket for the MTAs, but I wonder if the mailbox
providers will really go for this given their sensitivity to taking
responsibility for anything (except keeping spam out of their users'
mailboxes).
More information about the Mailman-Developers
mailing list