On 2015-03-23 00:18, Kathleen Wilson wrote:
admin@domain
administrator@domain
I've seen a few stories like this. I think they all used either admin
or administrator. So I recommend not to allow those. They also don't
show up in a default /etc/aliases file while the other 3 do.
Plus any address listed in the technical or administrative contact
field of the domain's WHOIS record, regardless of the addresses' domains.
If I look up my own domain, there is a "Registrar Technical Contacts",
or just "Technical" which is also about the registrar, but no details
about the registrant (me), unless you go to the website. I do not
expect the registrar to have the ability to create a certificate for my
domain. For some other domains in .com, .org or .net what you wrote
makes sense, but the whois information you get really depends on the
TLD. So I think you need to be careful how you word it.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
