ietf
[Top] [All Lists]

Re: DMARC: perspectives from a listadmin of large open-source lists

2014-04-13 22:44:59


--On Sunday, April 13, 2014 23:28 -0400 John R Levine
<johnl(_at_)taugh(_dot_)com> wrote:

Yes, that's the 1980s percent hack.

intended recipient.  While a bit inefficient -- and probably
will emerge as  an attack vector (sigh) -- it's a plausible
mechanism.

Right -- something is seriously wrong with DMARC as used if we
need to invent new phish syntaxes to work around it.

Sadly, there are a non-trivial number of MTA installations whose
implementers or operators, having discovered that they had not
seen a legitimate use of the percent hack in years, decided that
they were about as likely to appear in legitimate messages as
source routing and dealt with them accordingly.  Put more
simply, a "%" in a local-part may be least as likely to get a
message rejected or dumped as a badly specified DMARC record, so
the one is really not a very good cure for the other.

    john



<Prev in Thread] Current Thread [Next in Thread>