Here's a simple use case for a spear-phisher where DMARC could be effective on the inbound:
1. Phisher targets a specific exec at bigbank.com
2. Phisher sends fake FedEx tracking email from fedex.com (p=reject) to exec's admin with a note from exec for admin to track a shipment that has been ordered
3. Assuming DMARC is not being checked on the inbound, admin clicks malicious tracking number link, credentials are stolen, breach ensues

The above does of course assume that the phisher is either not familiar with DMARC, or thinks that it won't be checked by a B2B entity like bigbank.com.

Regards,
Brian

-----Original Message-----
From: dmarc-discuss [mailto:[email protected]] On Behalf Of Steve Atkins via dmarc-discuss
Sent: Friday, June 20, 2014 8:12 AM
To: dmarc-discuss
Subject: Re: [dmarc-discuss] On Inbound DMARC Support

> - DMARC is effective against one of the most effective forms of
> phishing

No, it's not.

DMARC will briefly reduce bulk phishing from phishers who don't know about DMARC. But, after that very brief lull it'll have minimal effect.

It doesn't affect anything that's visible to the end user. It doesn't make it any easier (or more difficult) to filter out phishes by content (or by using domain-based whitelisting or ...). It does mean that end users will be trained to accept that "the From: field will sometimes look funny".

It certainly won't slow down a sophisticated spear phisher, which is the sort of phishing you're talking about when you're discussing compromising corporate networks.

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
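The inbound check Brian's scenario depends on, as an added example that is not part of the thread: a receiver-side DMARC evaluation that takes the RFC5322.From domain plus the SPF and DKIM results and returns the disposition. Only fedex.com publishing p=reject comes from the post; the in-memory DNS table, the relaxed/strict alignment handling, the simplified organizational-domain rule and the phisher's sending domain are constructed assumptions.

```python
"""Receiver-side DMARC evaluation for the spear-phishing scenario above (constructed example)."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for DNS _dmarc TXT lookups. fedex.com is assumed to publish
# p=reject as the post states; bigbank.com is a placeholder with no enforcement.
DMARC_RECORDS = {
    "fedex.com": "v=DMARC1; p=reject; adkim=r; aspf=r",
    "bigbank.com": "v=DMARC1; p=none",
}

def org_domain(domain: str) -> str:
    # Simplified organizational domain (last two labels); real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc(record: str) -> dict:
    # Split "tag=value; tag=value" into a dict, ignoring empty fragments.
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    # Identifier alignment: strict ("s") needs an exact match, relaxed ("r") the same org domain.
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class AuthResults:
    spf_pass_domain: Optional[str]      # MAIL FROM domain if SPF passed, else None
    dkim_pass_domains: Tuple[str, ...]  # d= of every DKIM signature that verified

def dmarc_disposition(from_domain: str, auth: AuthResults) -> str:
    # Look up the From domain, then fall back to its organizational domain, as DMARC specifies.
    record = DMARC_RECORDS.get(from_domain) or DMARC_RECORDS.get(org_domain(from_domain))
    if record is None:
        return "none"  # no policy published: nothing to enforce
    tags = parse_dmarc(record)
    spf_ok = aligned(auth.spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(d, from_domain, tags.get("adkim", "r")) for d in auth.dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass"  # at least one aligned, authenticated identifier
    return {"reject": "reject", "quarantine": "quarantine"}.get(tags.get("p", "none"), "none")

if __name__ == "__main__":
    # The scenario: From: fedex.com, but SPF passed only for the phisher's own (constructed) domain.
    print(dmarc_disposition("fedex.com", AuthResults("mailer.phisher.example", ())))
```

With bigbank.com checking DMARC on the inbound, the spoofed message is rejected on the fedex.com p=reject policy, whereas the same From: domain with an aligned SPF or DKIM result passes.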
