Hi,
Any apple folks here that can contact me off-list? I have some questions
as relates to oauth2 and a largish isp.
Thanks,
Dave
--
Dave Lugo dl...@etherboy.comLC Unit #260 TINLC
Have you hugged your firewall today? No spam,
On 2018-09-07 15:09, Jay Hennigan wrote:
On 9/7/18 12:32 PM, Michael Peddemors wrote:
* Do you enforce 'tough' passwords?
Most formula-based "tough" passwords are only "tough" for the legitimate
user, not an attacker.
Consider that with email protocols, this doesn't necessarily apply.
Whi
Most platforms have a password per account. Not a password per account-service
combination.
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Dave Warren"
To: mailop@mailop.org
Sent: Tuesday, Septembe
On 2018-09-11 11:00, Mike Hammett wrote:
Most platforms have a password per account. Not a password per
account-service combination.
Yes, and?
This isn't an overnight switch or even possible on all platforms, but it
is a viable way to move forward. Most of the major consumer platforms
(Googl
On Tue, Sep 11, 2018 at 10:37 AM Dave Warren wrote:
> On 2018-09-11 11:00, Mike Hammett wrote:
> > Most platforms have a password per account. Not a password per
> > account-service combination.
>
> Yes, and?
>
> This isn't an overnight switch or even possible on all platforms, but it
> is a viab
On 2018-09-11 at 10:20 -0600, Dave Warren wrote:
> In my experience attacks against webmail are quite uncommon, and also
> can be mitigated with more flexible techniques than the SMTP protocol
> offers.
Maybe for bruteforcing attacks, but phishing pages that attempt to grab
webmail credentials a
On Tue, Sep 11, 2018 at 2:13 PM Ángel wrote:
> On 2018-09-11 at 10:20 -0600, Dave Warren wrote:
> > In my experience attacks against webmail are quite uncommon, and also
> > can be mitigated with more flexible techniques than the SMTP protocol
> > offers.
>
> Maybe for bruteforcing attacks, but p
I'm not going to say anything that someone else hasn't already thought of.
Obviously some more components need to be thought of
Given Google's volume, maybe some new metrics to track are repeat offenders
compared to the age of the WHOIS information as well as repeat offenders
compared to a
Actually, what are some small time providers using for OAUTH2 servers? I was
thinking about checking out WSO2 locally for a dovecot/postfix database, but
open to some other suggestions…
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
> On Sep 11, 2018, at 5:28 PM, Brandon Long via ma
Unfortunately, I think OAUTH2 discovery/registration is still not ready,
which of course means that you need all the clients to manually support you
(I don't know if some have a manual oauth2 mode, but that would be pretty
limited as well).
If someone has an opinion on when that's likely to have a
10 matches
Mail list logo
