Jordan Brown writes: > Well, yeah, but to provide such a service in a way that has any > resemblance to being secure, Intuit *must* have some secret that allows > it to send mail "from" those subdomains. If Intuit doesn't need such a > secret, then anybody could send mail like that.
Sure, but (1) anyone can send mail like that anyway (and they do), (2) the customers will (well, should) be checking invoices against their own purchasing records before they pay, and (3) after the vendor identifies Intuit as its billing agent, Intuit's own signature will do the trick. Securing a small number of own keys that get rotated on a schedule is one thing, securing a database of others' keys that regularly gets updated and multiple regular employees need access to is going to be quite another. Steve ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org