Jordan Brown writes:

 > Well, yeah, but to provide such a service in a way that has any
 > resemblance to being secure, Intuit *must* have some secret that allows
 > it to send mail "from" those subdomains.  If Intuit doesn't need such a
 > secret, then anybody could send mail like that.

Sure, but (1) anyone can send mail like that anyway (and they do), (2)
the customers will (well, should) be checking invoices against their
own purchasing records before they pay, and (3) after the vendor
identifies Intuit as its billing agent, Intuit's own signature will do
the trick.

Securing a small number of own keys that get rotated on a schedule is
one thing, securing a database of others' keys that regularly gets
updated and multiple regular employees need access to is going to be
quite another.

Steve
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to