On 6/7/2014 5:15 PM, Scott Kitterman via dmarc-discuss wrote: > Maybe I lost context, but I thought the claim that was being disputed and > needed assessment was if p=reject was affecting the rate of phishing > attempts. > It would seem to me that for that question, a comparison of before/after > p=reject data would yield some interesting information.
ahh. ok. sort of. That does get at attempts via the protected path, namely rfc5322.from field domain. However it doesn't permit measuring other aveneues of attack spoofing the dmarc-using organization. A claim that attackers will use work-arounds creates a desire for measuring use of work-arounds... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
