On Jun 14, 2014, at 10:15 PM, John Levine wrote: >AOL and Yahoo both have OAUTH APIs, but they are not the same, and I >see no likelihood that the APIs will converge, or that the next large >webmail provider to DMARC us will be compatible with either. But >everyone has a SUBMIT server.
Mailman has always been about adhering to standards, preferably RFCs, but de facto standards are acceptable when it makes sense. OAUTH submission could make sense, but I'm not in favor of a supporting a proliferation of incompatible hacks. If this is going to be A Thing, then these webmail providers need to get together and agree on some standard. Otherwise, what Mailman should do IMHO, is support a framework for supporting the feature in general, and leave it to third parties to support their email providers of choice. >At least one of the large providers has told me they plan to do OAUTH >submission, presumably with long lived tokens, which would greatly >mitigate the security issues. It is my impression that if word got >back that lists were considering doing the submit trick, it would >motivate them to get OAUTH submission working sooner. It's the least crappy solution (so far) to a problem of their making, but please get them to agree on some kind of common API. -Barry
signature.asc
Description: PGP signature
_______________________________________________ Mailman-Developers mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
