Line 193: | Line 193: | ||
If the configuration files on the Mozilla service can be contributed in a wiki-like way by anonymous people, the password theifs could just submit a config file for a big ISP and wait for the passwords to come in. The server should check that the domain of the IMAP/SMTP servers matches the domain of the email address that the config applies to, e.g. config file for aol.com must have something.aol.com as IMAP/SMTP server. That will work for many, but not for those which have several domains goign to the same server (e.g. gmail.com = googlemail.com), so probably there either need to be some automated tests (e.g. checking that both domains are served by the same DNS server and return the same MX entries) or failing that a trusted human moderator. | If the configuration files on the Mozilla service can be contributed in a wiki-like way by anonymous people, the password theifs could just submit a config file for a big ISP and wait for the passwords to come in. The server should check that the domain of the IMAP/SMTP servers matches the domain of the email address that the config applies to, e.g. config file for aol.com must have something.aol.com as IMAP/SMTP server. That will work for many, but not for those which have several domains goign to the same server (e.g. gmail.com = googlemail.com), so probably there either need to be some automated tests (e.g. checking that both domains are served by the same DNS server and return the same MX entries) or failing that a trusted human moderator. | ||
= DNS based discovery of configuration/setup files for mail clients = | |||
=== Requirements Notation === | === Requirements Notation === |
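Review bot: the top-level heading "= DNS based discovery of configuration/setup files for mail clients =" appears only in the old-revision column, while its "=== Requirements Notation ===" subsection is kept as context, so after this edit the subsection follows the paragraph on malicious config-file submissions directly and reads as part of that section. If the DNS discovery text is being moved or retired, move the "Requirements Notation" subsection along with it; otherwise keep a heading above it so the level-3 section still has a parent.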