Re: What I've been wondering about the DMARC problem

ietf

Re: What I've been wondering about the DMARC problem

2014-04-21 14:53:57

As such, the ability to reply to the RFC5322.From tells you almost nothing
about its legitimacy. ...

I seem to recall common use of From: field validation back when that
capability was introduced into open source sendmail as an anti-spam tactic,
though it was never supported by the vendor directly.  Maybe it's less
common now.


If people start rejecting because .INVALID is on the From: line, it
is the work of a moment to adjust it to something like this:

 From: Marissa <marissa(_at_)yahoo(_dot_)com(_dot_)not(_dot_)sp(_dot_)am>

and the work of about three moments to spin up a fake MTA that accepts
any RCPT TO and rejects at DATA.  Or I suppose it could just be an
open relay.  

This of course trains people to be phished, by telling them that
<security(_at_)paypal(_dot_)com(_dot_)some.thing> is the same as 
<security(_at_)paypal(_dot_)com>.

R's,
John

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: What I've been wondering about the DMARC problem, (continued) Re: What I've been wondering about the DMARC problem, Sabahattin Gucukoglu Re: What I've been wondering about the DMARC problem, Sabahattin Gucukoglu Re: What I've been wondering about the DMARC problem, Jim Fenton Re: What I've been wondering about the DMARC problem, John Levine Re: What I've been wondering about the DMARC problem, Murray S. Kucherawy Re: What I've been wondering about the DMARC problem, ned+ietf Re: What I've been wondering about the DMARC problem, Murray S. Kucherawy Re: What I've been wondering about the DMARC problem, ned+ietf Re: What I've been wondering about the DMARC problem, Murray S. Kucherawy Re: What I've been wondering about the DMARC problem, ned+ietf Re: What I've been wondering about the DMARC problem, John Levine <= Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Ted Lemon Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Murray S. Kucherawy Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Dave Crocker RE: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, MH Michael Hammer (5304) Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Rolf E. Sonneveld Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Dave Crocker Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Scott Kitterman Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Sabahattin Gucukoglu Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Hector Santos Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Murray S. Kucherawy

Previous by Date:	Re: DMARC and yahoo, Douglas Otis
Next by Date:	Re: DMARC and yahoo, Brian E Carpenter
Previous by Thread:	Re: What I've been wondering about the DMARC problem, ned+ietf
Next by Thread:	Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists, Ted Lemon
Indexes:	[Date] [Thread] [Top] [All Lists]