On Wed, May 7, 2014 at 3:24 PM, Matt Simerson <[email protected]> wrote: > > Wouldn't this whitelist be painting a bullseye on listed members, begging > spammers to increasingly target them? In much the same way that many of the > more sophisticated spammers today prefer to exploit legit servers by > compromising user credentials. > > There's certainly a "weakest link" component. If A approves B as an authorized third party, then compromising either of them will get the mail delivered. It's incumbent on A to audit B's security practices before authorizing them.
> > No doubt some ML operators have an adequate multi-layered defense between > their lists and the internet and can keep out increasingly motivated > hackers. But I fear that description doesn't apply to the vast majority of > operators. It wouldn't take very many successful attacks before the value > of said whitelist was greatly diminished. > > It's definitely a risk. -MSK
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
