On 06/19/2014 05:23 PM, Steve Atkins via dmarc-discuss wrote: > On Jun 19, 2014, at 4:56 PM, Steven M Jones via dmarc-discuss > <[email protected]> wrote: >> However DMARC can help remediate a vector commonly used to initiate an >> intrusion against corporate networks, > I suspect you mean mitigate (although remediate does actually fit rather > well).
In fact i had switched between the two words - I don't mind switching back. > You can't make that bald statement without expecting someone to ask for some > evidence of it being useful for that purpose, though. I don't mind being asked. And I thought I had provided appropriate references in the rest of my previous message... > (It's fairly clear to me, for instance, that it's not true - so it's be > useful to provide a plausible line of reasoning for it being so; one that'll > stand up to discussion). Again, I thought I'd provided the reasoning. - Phishing is used to gain unauthorized access to corporate networks - Unauthorized access to corporate networks is used to effect data breach - To reduce incidence of data breach, mitigate unauthorized access - To reduce incidence of unauthorized access, take measures to reduce successful phishing - DMARC is effective against one of the most effective forms of phishing So to me, it follows that adopting DMARC is a reasonable corporate measure to help combat inbound phishing, which can result in unauthorized access, which can result in data breach. I believe I provided examples to show that successful phishing of corporate entities has been a key step leading to data breach. --S. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
