On 5/2/19 9:55 AM, Rich Kulawiec via mailop wrote:
In addition: thanks to password re-use practices, which are epidemic, "giving provider $X a password so that they can POP email from provider $Y" is semantically equivalent to "giving provider $X passwords to some/most/all other accounts of other descriptions". Even if we presume the most scrupulous behavior by $X and its personnel -- and history shows that is often naive and dangerous -- it still increases the exposure/risk of the password in question.
To me, provider $X trying $Y's credentials on on provider $Z is tantamount to credential stuffing and constitutes hacking in my opinion.
I may have naively given provider $X permission to access my account on provider $Y. But that permission decidedly does NOT extend to /any/ other provider. Period. End of story.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
