On 2/3/23 04:05, Stephen J. Turnbull wrote:
For the passwords, yes. It was frequently reported as a bug, in fact. Mostly the reminders generate requests to know how to shut them off. You're the first in probably a decade who's asked how to turn them on!
While in theory we could protect in transit with SMTP over TLS, we can't guarantee end-to-end encryption (eg, if there's a .forward at the subscribed address), and while TLS is widely implemented, it's still not universal.
Perhaps more significantly, all passwords are now stored in encrypted form, so for practical purposes we couldn't send the unencrypted password because we don't know it and the encrypted password is not useful to the user.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan