by doctor_eval 1140 days ago
> I'd also argue that if you're granting employees access to things using their personal email then you're going to hit a bunch of snags. I'll give this one more thought.

While I agree, I’d argue that the by-far numerical majority of companies don’t have sufficient internal controls to prevent someone from using whatever email they like when creating a DNS record for some service. Actually, I even doubt that email gets turned off reliably.

It doesn’t generally matter, since the email address still validates the user’s identity to the same level, but in this case there is a chain of trust that isn’t necessarily trustworthy.

OTOH - a standard for domain verification is a good idea. Perhaps it just needs to have an expiry date on it. It would be less convenient, but at least people could start to build tools around it.

1 comments

Expiry dates are optional at the moment, but perhaps the requirement for an expiry could be set at the domain level. For example, a query to:

_dv.example.com

Reveals domain-wide settings like:

1. All verification must have expiry date.

2. Max expiry 1 year.

3. Only verify emails for users @ example.com and example.org

Interested in anyone's ideas around this.
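
A sketch of how a verifying service could enforce the three domain-wide settings listed in the comment above. This is an added example, not part of the thread or of any published specification; the `key=value` policy syntax, the field names and the reading of "1 year" as 365 days are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy text, as it might be published at _dv.example.com.
# The syntax and field names are hypothetical; the thread defines no format.
SAMPLE_POLICY = "require_expiry=1;max_expiry_days=365;email_domains=example.com,example.org"


def parse_policy(txt):
    """Parse the hypothetical 'key=value;...' policy string into a dict."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if p.strip())
    days = fields.get("max_expiry_days")
    domains = fields.get("email_domains", "")
    return {
        "require_expiry": fields.get("require_expiry") == "1",
        "max_expiry": timedelta(days=int(days)) if days else None,
        "email_domains": {d.strip().lower() for d in domains.split(",") if d.strip()},
    }


def check_verification(policy, email, expiry, now):
    """Return the list of policy violations for one verification record.

    email  -- address the verification record was issued for
    expiry -- timezone-aware datetime, or None if the record has no expiry
    An empty list means the record is acceptable under the domain policy.
    """
    problems = []
    # Exact match on the part after the last '@'; subdomains are not implied.
    domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
    if policy["email_domains"] and domain not in policy["email_domains"]:
        problems.append("email domain not allowed")
    if expiry is None:
        if policy["require_expiry"]:
            problems.append("missing expiry")
    elif expiry <= now:
        problems.append("expired")
    elif policy["max_expiry"] is not None and expiry - now > policy["max_expiry"]:
        problems.append("expiry beyond maximum")
    return problems


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    policy = parse_policy(SAMPLE_POLICY)
    print(check_verification(policy, "alice@example.com", now + timedelta(days=90), now))
    print(check_verification(policy, "bob@gmail.com", None, now))
```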