
Re: (DMARC) We've been here before, was Why mailing lists

2014-04-18 15:47:48
On 19/04/2014 03:20, Murray S. Kucherawy wrote:
...
One of the key points about DMARC's design is that it's concerned
specifically with From:.  The reason is that the content of From: is what's
typically shown to the recipient by MUAs.  If DMARC keyed off Sender:
instead, then this would work:

MAIL FROM: haha@badguy.example.com

From: security@paypal.com
Sender: haha@badguy.example.com
DKIM-Signature: v=1; d=badguy.example.com; ...

So, if the From says

From: goodguy@yahoo.com <haha@badguy.example.com>

many UAs would show only goodguy@yahoo.com as the sender,
but badguy could have passed DMARC, no?

This would not exactly enhance goodguy's reputation,
or Yahoo's for that matter. I realise it isn't the exploit
that Yahoo is trying to stop, but it suggests to me that
DMARC is only plugging one small hole in a very leaky dam.

    Brian
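A worked illustration of the two cases in this exchange, added here and not code from the thread or from any DMARC implementation: alignment keyed on From: versus Sender: (Murray's example), and a From: whose display name is itself an address at another organization (Brian's example). It assumes SPF and DKIM both pass for the domain the attacker controls, replaces the Public Suffix List with a two-entry stand-in, and uses invented names for the messages and functions.

```python
"""Simplified DMARC identifier alignment plus the display-name gap.

Assumptions (not from the thread): SPF passes for MAIL FROM and DKIM passes
for d=, since both name a domain the attacker owns; messages are flat dicts
of the relevant fields; PUBLIC_SUFFIXES stands in for the real PSL.
"""
import re

# Constructed stand-in for the Public Suffix List (assumption, not the real PSL).
PUBLIC_SUFFIXES = {"com", "co.uk"}

# Mailbox syntax: optional display name then <addr-spec>, or a bare addr-spec.
MAILBOX_RE = re.compile(
    r"^\s*(?:(?P<display>.*?)\s*<(?P<addr>[^<>\s]+)>|(?P<bare>[^<>\s]+))\s*$"
)
# Anything that looks like an e-mail address inside a display name.
EMBEDDED_ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def org_domain(domain):
    """Organizational domain: the label just above the longest public suffix."""
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return domain.lower()


def parse_mailbox(value):
    """Split a From:/Sender: value into (display name, lower-cased addr-spec)."""
    m = MAILBOX_RE.match(value)
    if not m:
        raise ValueError(f"unparseable mailbox: {value!r}")
    if m.group("addr"):
        return m.group("display").strip().strip('"'), m.group("addr").lower()
    return "", m.group("bare").lower()


def aligned(identifier_domain, auth_domain, mode):
    """Strict alignment wants an exact match; relaxed wants the same org domain."""
    if mode == "strict":
        return identifier_domain.lower() == auth_domain.lower()
    return org_domain(identifier_domain) == org_domain(auth_domain)


def display_name_spoof(display, addr):
    """Domain an address-shaped display name claims, if it belongs to a
    different organization than the real addr-spec; otherwise None."""
    m = EMBEDDED_ADDR_RE.search(display)
    if not m:
        return None
    claimed = m.group(1).lower()
    real = addr.split("@", 1)[1]
    return claimed if org_domain(claimed) != org_domain(real) else None


def dmarc_evaluate(msg, keyed_on="From", mode="relaxed"):
    """Evaluate alignment keyed on the chosen header (RFC 7489 uses From:).

    SPF and DKIM are treated as having passed for MAIL FROM and d=, which an
    attacker who owns badguy.example.com can always arrange.
    """
    display, addr = parse_mailbox(msg[keyed_on])
    identifier = addr.split("@", 1)[1]
    spf_domain = msg["MAIL FROM"].split("@", 1)[1]
    dkim_domain = msg["DKIM d="]
    spf_ok = aligned(identifier, spf_domain, mode)
    dkim_ok = aligned(identifier, dkim_domain, mode)
    return {
        "keyed_on": keyed_on,
        "identifier_domain": identifier,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc_pass": spf_ok or dkim_ok,
        # What a typical MUA shows, and whether it contradicts the addr-spec.
        "shown_to_user": display or addr,
        "display_name_spoof": display_name_spoof(display, addr),
    }


# Constructed messages mirroring the two examples in the thread.
MURRAY_EXAMPLE = {
    "MAIL FROM": "haha@badguy.example.com",
    "From": "security@paypal.com",
    "Sender": "haha@badguy.example.com",
    "DKIM d=": "badguy.example.com",
}
BRIAN_EXAMPLE = {
    "MAIL FROM": "haha@badguy.example.com",
    "From": "goodguy@yahoo.com <haha@badguy.example.com>",
    "Sender": "haha@badguy.example.com",
    "DKIM d=": "badguy.example.com",
}

if __name__ == "__main__":
    print("keyed on From:  ", dmarc_evaluate(MURRAY_EXAMPLE, "From"))
    print("keyed on Sender:", dmarc_evaluate(MURRAY_EXAMPLE, "Sender"))
    print("display-name:   ", dmarc_evaluate(BRIAN_EXAMPLE, "From"))
```

Keying on Sender: lets the first message pass while the MUA shows paypal.com, which is why the spec keys on From:. The second message passes a From:-keyed check as well, because the addr-spec really is at badguy.example.com; only the `display_name_spoof` field, a heuristic that is no part of DMARC itself, notices that what the user sees is an address at yahoo.com.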
