On Dec 26, 2016, at 8:34 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
By that argument, there's no excuse for the big mailer providers for
bouncing List mail because of DMARC. They could just reference the
List-ID field, and display something like this:
<From> via mailing list <list-id header contents>
Great idea. Because there is no possibility whatsoever that if mail
systems did that, bad guys would put in fake List-IDs to get their
phishes delivered.
Right and DMARC has put an end to email phishing, and this progress
is in serious jeopardy of being undone if a bad guy can send an email
From: Bobby Phisher <rf@notbank.example> on behalf of Joe Banker
<joe@bank.example>
and is at no risk with:
From: Joe Banker <joe@bank.notbank.example>
Reminds me of "Yes minister", we've to do *something* about
phishing and DMARC is something...
--
--
Viktor.