> Nobody sane does that in 2025
Not for their own users passwords, no. But if a user has to provide secrets that
you have to user server-side, then yes. And you'll find that this happens much
more often than you're thinking. The problem here of course is that the secret
isn't easily revocable and
Now that I am in front of a keyboard I'll be a bit more expansive.
On Mon, 6 Jan 2025, Louis via mailop wrote (with some re-threading):
Op maandag 6 januari 2025 om 23:32, schreef Andrew C Aitchison via mailop
:
On Mon, 6 Jan 2025, L. Mark Stone via mailop wrote:
If one of our customers wa
> does the user use the same credentials to pull messages (POP or IMAP) and to
> log in to SMTP to send messages?
Depends! I enforce ASPs with a scope, so the scope is up to the user in my case.
Clients never have access to actual user credentials.
> NO IT IS NOT!
No need to be so loud, I can re
I may just point out that Google/MS365 have to store encrypted
versions ( not hashed! ) of a user's password. Nobody sane does that
in 2025. We don't do it. They don't do it for their own users. Why
would you be ok with them, or anyone for that matter, except the
client, knowing that info ?
Have y
@Andrew:
The companies I have owned have been Zimbra partners since 2006. Zimbra
supports application/device-specific passwords to use with apps/devices that
don’t support MFA natively, like ActiveSync(Exchange) accounts on a iPhone.
In this way, you can turn on MFA for an account in Zimbra, co
Dnia 7.01.2025 o godz. 16:10:32 Louis via mailop pisze:
> think that's the beauty of email. You do not have control over how a client
> stores a password, this is just one of the reasons I enforce ASPs. Your point
> 1
> and 2 are also true, and in my mind they cancel each other out regarding risk
Dnia 6.01.2025 o godz. 22:14:49 John Levine via mailop pisze:
> As others have noted, if you're going to put all your account's mail
> into your Gmail account anyway, there's not much reason to hide the password.
> What are they going to do with it that you haven't already asked them to do?
Not a
Hi Andrew,
We seem to be talking about entirely different things. Everyone was talking
about having Gmail fetch messages from your server, you seem to be talking about
the opposite?
The ASP I was talking about would be something to be managed entirely on your
side, because Gmail would be fetching
Having a tooling page that we can all contribute to would be great! Assuming
there will be some moderation to prevent it from just becoming a list of adverts
:)
Groetjes,
Louis
Op dinsdag 7 januari 2025 om 10:54, schreef Simon Lyall via mailop
:
> Just catching up on this.
>
> https://www.ma
I think that report shows that storing your decryptable password
in any big cloud is a really bad idea. They get hacked because they
are one big juicy target and then has access to hundreds of millions
of passwords. It's not just a bad idea for users, it's - as the
document points out - a national
Al Iverson via mailop wrote:
You'll want to be aware of "IP Warming," the process of limiting
volume at first to build up a good sending reputation over a few
weeks.
https://www.spamresource.com/2020/09/what-is-ip-warming.html
Though my guidance is oriented to email marketing senders, it
effectiv
Just catching up on this.
https://www.mailop.org/ does have a little bit of information about
mailtaining mail servers. I was hopeing to add more at some point but
haven't got around to it (although I do have around 100 emails on this
list saved to look at).
The site is writen in hugo and ha
12 matches
Mail list logo
