[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations
John Levine
johnl at taugh.com
Wed Jun 18 02:51:51 CEST 2014
>Thinking about it this way, I'm not really sure what's being considered for
>DMARC, ...
Nothing specifically for DMARC. The idea is that SASL, the layer you
use to log into pop, imap, and submit servers, now includes oauth as
an authentication scheme and OpenID as the common way to get the
token. This is all in RFC 6616, and is allegedly implemented in
gsasl.
Once you have access to the subscriber's submit server, you can run
the decorated message through it to get the mail providers's
signature, then remail that. OAuth just avoids the need to ask the
user directly for her password.
R's,
John
More information about the Mailman-Developers
mailing list