Since the quote you've included from the blog post says nothing of the sort, I'm not sure what your point is.
(Hint: "Anything else" is "Mail that says 'ebay.com' in the From: header and isn't from ebay.com". AND, not OR)

On Tue, Nov 6, 2012 at 11:15 AM, Zachary Harris <[email protected]> wrote:

> This issue poses a particular problem if you have told users that spoofed email from a given domain will not even appear in their spam folder.
>
> http://gmailblog.blogspot.com/2009/07/new-in-labs-super-trustworthy-anti.html, which is cited on dmarc.org/faq.html, says
>
> Last year, we started taking extra steps to protect you from fake eBay and PayPal emails<http://gmailblog.blogspot.com/2008/07/fighting-phishing-with-ebay-and-paypal.html>, requiring that any email claiming to come from one of eBay's or PayPal's domains actually comes from them. We do that by looking at the "From" header, and when it says "ebay.com" for example, it means it really did come from ebay.com. Anything else is rejected; *it won't even appear in your spam folder because Gmail won't accept it*. [emphasis added]
>
> I just tested, and indeed I can get my Gmail account to accept a spoofed email that is presumably from [email protected] simply by omitting RFC5322.From.
>
> Mason, unless you've already done so or wish to do so yourself, I've already recorded my SMTP session and plan to submit it as a vulnerability report to Gmail, crediting you as the one who pointed it out, to be sure that they are tracking with the fact that this violates their stated "no spoofed messages from Paypal even in your spam folder" policy.
>
> -Zach
>
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)

--
David Romerstein | LivingSocial | Lead Engineer - MTA Operations | www.livingsocial.com
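Added example, not part of either message and not Gmail's code: a receiver-side model of the rule as read in the reply above ("From: names a protected domain AND the mail is not from it"), next to a variant that first rejects any message without exactly one From: field, which is what RFC 5322 requires. The function names, the `authenticated_domain` parameter (the domain that passed sender authentication, or `None`) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domains named in the quoted blog post.
PROTECTED = {"ebay.com", "paypal.com"}

def from_domains(raw):
    """Return (number of From: fields, set of lower-cased address domains)."""
    msg = message_from_string(raw)
    headers = msg.get_all("From", [])
    addrs = getaddresses([str(h) for h in headers])
    return len(headers), {a.rpartition("@")[2].lower() for _, a in addrs if "@" in a}

def naive_policy(raw, authenticated_domain):
    """Reject only if From: names a protected domain AND authentication differs."""
    _, domains = from_domains(raw)
    for domain in domains & PROTECTED:
        if domain != authenticated_domain:
            return "reject"
    return "accept"  # a message with no From: field falls through to here

def strict_policy(raw, authenticated_domain):
    """Fail closed on a missing, repeated or multi-domain From:, then apply the rule."""
    count, domains = from_domains(raw)
    if count != 1 or len(domains) != 1:
        return "reject"
    return naive_policy(raw, authenticated_domain)

# Constructed sample messages (not the recorded SMTP session from the thread).
BODY = "To: user@example.net\r\nSubject: account notice\r\n\r\nhello\r\n"
WITH_FROM = "From: service@paypal.com\r\n" + BODY
NO_FROM = BODY

if __name__ == "__main__":
    for name, raw, auth in [("unauthenticated, From: present", WITH_FROM, None),
                            ("unauthenticated, From: omitted", NO_FROM, None),
                            ("authenticated paypal.com", WITH_FROM, "paypal.com")]:
        print(f"{name}: naive={naive_policy(raw, auth)} strict={strict_policy(raw, auth)}")
```
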
