ietf

Re: dmarc damage, was gmail users read on... [bozo subtopic]

2014-09-13 14:15:08
But unfortunately, once the UI recognizes this case, would we not be
imposing harm vis-a-vis phishing in particular?  And then DMARC Mark
II (as it were) would have to prohibit the wrapping and require a wrap
of a wrap, etc.

DMARC is only useful because many crooks are remarkably lazy or
stupid.  I've seen numbers showing that it blocks vast amounts of spam
with From: addresses like <security(_at_)paypal(_dot_)com> which means that a
lot of crooks just use the exact address they're attacking.  But it's not
effective against stuff like this, which they also use:

  From: <security(_at_)paypaI(_dot_)com>
  From: security at paypal.com <boris(_at_)rbn(_dot_)ru>

For that second one, remember that a lot of MUAs only show the
comment on the From: line, not the address.

While I believe that it does block considerable phish now, I also
believe it's a lot of long term pain for only short term benefits.  I
also agree that if we invent ways to circumvent DMARC issues, the bad
guys will quickly adapt unless those ways have a different, ideally
better, threat model.  See the appsawg archives and the new dmarc list
for further discussion on this point.

R's,
John
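
A receiver-side check for the two From: patterns listed in the message above, as an added example that is not part of the original message. The protected-domain list, the small confusables map and the function names are assumptions of this example; the sample addresses are the message's own with the archive's address obfuscation undone.

```python
import re
from email.utils import parseaddr

# Assumption: the domains this receiver wants to protect from impersonation.
PROTECTED = {"paypal.com"}

# Constructed, deliberately small confusables map (not a full Unicode table).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Anything in a display name that looks like a dotted host name.
DOMAIN_RE = re.compile(r"[A-Za-z0-9|-]+(?:\.[A-Za-z0-9|-]+)+")


def skeleton(domain):
    """Fold lookalike characters first, then lowercase, so 'paypaI' -> 'paypal'."""
    return domain.translate(CONFUSABLE).lower()


def check_from(header_value):
    """Return findings for a From: value that DMARC alignment would not cover."""
    display, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2]
    findings = []
    if domain.lower() in PROTECTED:
        # Exact protected domain: this is the case DMARC itself evaluates.
        return findings
    if skeleton(domain) in PROTECTED:
        findings.append("lookalike-domain")
    # Many MUAs show only the display name, so check what it claims.
    if any(skeleton(tok) in PROTECTED for tok in DOMAIN_RE.findall(display)):
        findings.append("display-name-claims-protected-domain")
    return findings


if __name__ == "__main__":
    samples = [
        "<security@paypal.com>",
        "<security@paypaI.com>",
        "security at paypal.com <boris@rbn.ru>",
    ]
    for value in samples:
        print(f"{value!r}: {check_from(value) or 'no finding'}")
```

A display name that names the brand without a domain, such as "PayPal Security", is outside what this check looks for.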
