On 19/04/2014 03:20, Murray S. Kucherawy wrote:
...
One of the key points about DMARC's design is that it's concerned
specifically with From:. The reason is that the content of From: is what's
typically shown to the recipient by MUAs. If DMARC keyed off Sender:
instead, then this would work:
MAIL FROM: haha(_at_)badguy(_dot_)example(_dot_)com
From: security(_at_)paypal(_dot_)com
Sender: haha(_at_)badguy(_dot_)example(_dot_)com
DKIM-Signature: v=1; d=badguy.example.com; ...
So, if the From says
From: goodguy(_at_)yahoo(_dot_)com <haha(_at_)badguy(_dot_)example(_dot_)com>
many UAs would show only goodguy(_at_)yahoo(_dot_)com as the sender,
but badguy could have passed DMARC, no?
This would not exactly enhance goodguy's reputation,
or Yahoo's for that matter. I realise it isn't the exploit
that Yahoo is trying to stop, but it suggests to me that
DMARC is only plugging one small hole in a very leaky dam.
Brian