Wouldn't it be easier to read your email logs instead?

On 3/20/13 3:04 PM, "Carl S. Gutekunst" <[email protected]> wrote:
>I've been amused by the number of rows in my aggregate report that show
>people forwarding mail from their employer's mailbox to an external
>provider (mostly Gmail and Yahoo). Of course most employers have
>policies forbidding this; the fact the people do it anyway is one of the
>things that keep me employed.
>
>While using DMARC's aggregate reports to detect data leaks seems too
>crude for corporate espionage, it does seem to have possibilities for
>corporate compliance. It could work like this: once a month, I send all
>my employees a reminder about corporate compliance rules. The sending
>domain is unique, with correct SPF, DKIM and DMARC. When the RUA
>arrives, it'll show how many people are forwarding their mail to Gmail
>and whatnot. Games can be played with the domain, selector, or time of
>day to statistically isolate the guilty party.
>
>Interesting use case? Scary use case? Or Carl just demonstrating his
>grasp of the obvious?
>
>(Of course the outbound mail servers or firewall are the correct place
>to detect and block forwarding. But this trick would find people who are
>bypassing the outbound mail servers, or perhaps detect a flaw in the
>output policy rules.)
>
><csg>
>_______________________________________________
>dmarc-discuss mailing list
>[email protected]
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
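The check described in the quoted message, as an added example that is not code from this thread: it reads one aggregate (RUA) report for the dedicated notice domain and counts DKIM-passing copies seen by an outside receiver, grouped by selector. The domain names, selectors, report values and the `internal_reporters` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report in the RFC 7489 Appendix C layout; every value is made up.
SAMPLE_RUA = """<feedback>
 <report_metadata><org_name>mailbox-provider.example</org_name><report_id>r-001</report_id></report_metadata>
 <policy_published><domain>compliance-notice.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>3</count></row>
  <auth_results><dkim><domain>compliance-notice.example</domain><selector>group-a</selector><result>pass</result></dkim>
   <spf><domain>corp.example</domain><result>fail</result></spf></auth_results></record>
 <record><row><source_ip>192.0.2.10</source_ip><count>1</count></row>
  <auth_results><dkim><domain>compliance-notice.example</domain><selector>group-b</selector><result>pass</result></dkim>
   <spf><domain>corp.example</domain><result>fail</result></spf></auth_results></record>
 <record><row><source_ip>203.0.113.7</source_ip><count>2</count></row>
  <auth_results><dkim><domain>compliance-notice.example</domain><selector>group-a</selector><result>fail</result></dkim>
   <spf><domain>other.example</domain><result>fail</result></spf></auth_results></record>
</feedback>"""

def forwarded_copies(rua_xml, campaign_domain, internal_reporters=()):
    """Return (reporter, Counter{selector: messages}) for copies of the notice
    that an outside receiver saw with a valid campaign-domain DKIM signature.
    The notice is only sent to internal mailboxes, so such rows mean the
    message was forwarded out. Rows without a passing signature are ignored,
    since they may be spoofed mail rather than the real notice."""
    # Real reports come from third parties; parse them with a hardened
    # parser such as defusedxml instead of the stdlib parser used here.
    root = ET.fromstring(rua_xml)
    domain = campaign_domain.lower()
    reporter = root.findtext("report_metadata/org_name", default="unknown")
    hits = Counter()
    if root.findtext("policy_published/domain", default="").lower() != domain:
        return reporter, hits          # report is about a different domain
    if reporter in internal_reporters:
        return reporter, hits          # our own receivers are expected to see it
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", default="0"))
        for sig in rec.findall("auth_results/dkim"):
            if (sig.findtext("result") == "pass"
                    and sig.findtext("domain", default="").lower() == domain):
                # selector is optional in the report schema
                hits[sig.findtext("selector", default="(none)")] += count
                break                  # count each row once
    return reporter, hits

if __name__ == "__main__":
    print(forwarded_copies(SAMPLE_RUA, "compliance-notice.example"))
```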
