On Fri, Apr 18, 2014 at 1:47 PM, Brian E Carpenter <
brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
So, if the From says
From: goodguy(_at_)yahoo(_dot_)com <haha(_at_)badguy(_dot_)example(_dot_)com>
many UAs would show only goodguy(_at_)yahoo(_dot_)com as the sender,
but badguy could have passed DMARC, no?
This would not exactly enhance goodguy's reputation,
or Yahoo's for that matter. I realise it isn't the exploit
that Yahoo is trying to stop, but it suggests to me that
DMARC is only plugging one small hole in a very leaky dam.
Yes indeed. The DMARC base document discusses this already, by admitting
it's not a problem DMARC can solve right away:
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-17.4
It's also something that was brought up as a proposed work item for the
IETF.
-MSK