Re: Server certificate domain validation bug

2016-07-29 Thread Nick Lamb
Hi Robin,

On Friday, 29 July 2016 18:54:56 UTC+1, Robin Alden wrote:
> We received a report of bugs in the construction of the emails we send out
> in order to confirm authorization by the domain name registrant prior to
> issuing a server certificate.
>
> Colloquially these are known as

Re: Server certificate domain validation bug

2016-07-29 Thread Hanno Böck
Hi, I just saw this report and my initial reaction was that it seems to be a grave security risk to use HTML emails with user-controlled content for email domain validation. I don't see any need for this and would strongly recommend that a policy forbidding that practice gets implemented. The

Server certificate domain validation bug

2016-07-29 Thread Robin Alden
We received a report of bugs in the construction of the emails we send out in order to confirm authorization by the domain name registrant prior to issuing a server certificate. Colloquially these are known as Domain-Control Validation Emails. The security researcher, Matthew Bryant, followed