Kurt Roeckx wrote:
On Sat, Apr 12, 2014 at 03:57:51PM -0400, Miles Fidelman wrote:
SM wrote:
Hi Franck,
At 11:30 12-04-2014, Franck Martin wrote:
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf
The above points me to an article from trendmicro.com. I was interested
in reading your opinion.
The recent target problem started with an email, say Krebs...
A bit of research on security and email will give you a better picture
on why legitimate emails need to be better recognized.
Ok.
Gee.... and how does this help from all those spams our server keeps
receiving, from compromised Yahoo addresses that pass all the SPF, DKIM, and
DMARC tests?
It's my understanding that Yahoo now claims to have no users
anymore, only sends spam and advertises that by saying you can
now reject all their mail.
Seriously, DMARC does not try to do something about spam but about
phishing, and by doing that has no problem rejecting otherwise
real e-mail.
It has just occurred to me that one might consider that by publishing
it's p=reject policy into the DNS systems, one might consider that Yahoo
has launched a DDoS attack on most of the world's list servers - which
is illegal under a bunch of statutes (“knowingly caus[ing] the
transmission of a program, information code, or command, and as a result
of such conduct, intentionally causes damages without authorization to a
protected computer”). One might also have a case that Yahoo is engaging
in restraint of trade (by causing the rejection of valid emails), and
that ISPs that honor the p=reject policy might be engaging in a criminal
conspiracy. Hmmm......
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
