On 03/20/2013 15:04, Carl S. Gutekunst wrote:
Interesting use case? Scary use case? Or Carl just demonstrating his
grasp of the obvious?
(Of course the outbound mail servers or firewall are the correct place
to detect and block forwarding. But this trick would find people who
are bypassing the outbound mail servers, or perhaps detect a flaw in
the output policy rules.)
Second point first - sure you need to enforce policies such that you
avoid critical problems in the first place. But in order to assess those
problems you first need data - and DMARC is a very useful new source for
that kind of data. I'm not sure anybody is effectively communicating the
story around DMARC as data source - understandably, since first you need
to address basic adoption.
I think there are a lot of interesting and productive use cases like
this for information security functions, just as there are for
performance management of your ESPs, useful debugging data for messaging
operations, etc etc. I talk about those three branches in broad strokes
when I get the chance, but people tend to glaze over until I focus on
just one or two concrete points about blocking phishing.
I think that in the coming year we'll see a lot more case studies about
people using the data DMARC provides in ways similar to what you outlined.
--Steve.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
