[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 24 Oct 2015 12:50:03 +0000
Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote:
Hello Martijn,
>On Fri, Oct 23, 2015 at 11:28:03AM +0100, Brad Rogers wrote:
>> yahoo accounts are too easily breached. They're a security
>Given that I've been very vocal on this in the past, I feel obliged to
>say that I see very little evidence of this these days. Yahoo has spent
>a lot of effort on security recently and this is probably one of the
>results.
I've not paid much attention to yahoo recently, I admit. However, I've
more than three dozen spam mails arrive here from broken/hacked yahoo
accounts in the last 24 hours. Of course, my experience may not reflect
the norm. Can a sample of one ever do so? (rhetorical question)
>> Oh, and their DMARC policy is boorish, forcing many mailing lists to
>> make large scale changes to accommodate them.
>In theory I agree. In practice, I've become convinced that there are so
>many sensible security measures that don't work because of mailing lists
>that perhaps it's their job to change - even if they will be right to
I'd argue the other way; Mailing lists (MLs) existed before the
necessity for these security measures. Such security measures should
allow for the existence of MLs and not 'break' them. Now, if the
security brigade had worked _with_ ML authors rather than simply
ignoring them, maybe the breakage could have been avoided. No doubt it
would require give and take on both sides to get working properly.
In the end though, I think big business is trying to kill of email -
simply because it's extremely hard to monetise.
>claim that they have done nothing wrong. Sending messages with someone
>else's email address in the From: field may be one of those things from
>the 1980s that we should get rid off, like sending data in plain text
>over the public Internet.
I trust you mean by that that all email should be encrypted, rather than
the more common usage of 'plain text vs HTML'. I agree. The trouble is
most people are too naive (of email technology) to understand just how
insecure it is. Furthermore, until encryption "just works" most people
aren't interested enough to learn about it, never mind actually use it.
--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
I'd hate to look into those eyes and see an ounce of pain
Sweet Child O'Mine - Guns 'N' Roses
Attachment:
pgpkzX6_0ksPE.pgp
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq