[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sending using my @debian.org in gmail

On Sat, Dec 1, 2018 at 7:01 AM Jeremy Stanley wrote:

> Compromise of the cryptographic keys or primitives in use,
> compromise of the authorized MTAs, compromise of the sender's
> SMTP submission account, compromise of the sender's MUA/system, and
> biggest of all of course is recipients who don't validate SPF/DKIM.

Good points.

I've experienced spammers brute-forcing SMTP submission credentials
and using that to send spam before, so I think that mitigating that
using client-side TLS certs should be required, just as we do for SSH
access to Debian machines. I'm not sure how many MUAs support that but
MTAs do so using a local MTA to forward messages could be a
reasonablish workaround.



Reply to: