[Toybox] Attention: This mailing list is not secure
Rob Landley
rob at landley.net
Sun Aug 3 09:24:21 PDT 2025
On 8/2/25 07:13, * Neustradamus * wrote:
> Dear Toybox team, Rob Landley,
>
> There is a BIG probem, this mailing list (ML) is not secure:
> - https://lists.landley.net/ does not work
> - http://lists.landley.net/ not secure work
Yes, I know. I've poked Dreamhost about it on and off for years.
https://landley.net/notes-2023.html#16-01-2023
> Here it is secure:
> - https://landley.net/
> - https://landley.net/toybox/
Dreamhost "discussion lists" use a shared server. There's a DNS alias
pointing to the server, but I can't ssh into it or perform any real
administration, I've just got a web panel to add/remove config entries
to the shared mailman instance.
https://help.dreamhost.com/hc/en-us/articles/360001263566-Discussion-List-overview
> In more, the HTTPS vhost settings, certificate, can you add DKIM/SPF/DMARC at the same time?
I thought dreamhost's mail servers already had an SPF record.
I always facepalm that the five eyes convinced IETF to do "sign but send
in plaintext" infrastructure for email. I mean DUDE, seriously? You're
already doing the math, you can scramble the contents! (Port 587 lets
you _submit_ email via https, and both imap and pop3 have https wrappers
for fetching it, but it gets relayed between servers unencrypted to port
25. That's just sad.)
So it seems kinda useless, but if dreamhost's default config for their
email plumbing (which I am using verbatim now) doesn't get this right, I
can submit a support ticket. No idea if it'll do any good.
> A lot of e-mails are rejected.
>
> Can you solve it?
Not using Dreamhost's shared infrastructure, no.
Rob
More information about the Toybox
mailing list