On Sun, Mar 22, 2015 at 4:18 PM, Kathleen Wilson <kwil...@mozilla.com> wrote: > admin@domain > administrator@domain > webmaster@domain > hostmaster@domain > postmaster@domain > > What do you all think? > > (Note this is also in Baseline Requirements section 11.1.1)
It is hard to know which to remove without any data on how customers are using these today. I would guess that admin & administrator are the more problematic ones, as they are not covered in any RFCs. The other three are in http://tools.ietf.org/html/rfc2142. I wonder if some CAs who use email authentication could provide statistics on what percent of customers choose each option. If they don't want to publicly disclose that they are releasing the data, but are willing to have it shared, maybe they could sent it to Kathleen to be posted. That would help determine whether any of these email addresses are rarely being used for validation. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy