On 2015-03-23 00:18, Kathleen Wilson wrote:
admin@domain administrator@domain
I've seen a few stories like this. I think they all used either admin or administrator. So I recommend not to allow those. They also don't show up in a default /etc/aliases file while the other 3 do.
Plus any address listed in the technical or administrative contact field of the domain's WHOIS record, regardless of the addresses' domains.
If I look up my own domain, there is a "Registrar Technical Contacts", or just "Technical" which is also about the registrar, but no details about the registrant (me), unless you go to the website. I do not expect the registrar to have the ability to create a certificate for my domain. For some other domains in .com, .org or .net what you wrote makes sense, but the whois information you get really depends on the TLD. So I think you need to be careful how you word it.
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy