In article 
<lo2p123mb219272fa0bd7eea8d7ed8b70be...@lo2p123mb2192.gbrp123.prod.outlook.com>,
David I  <[email protected]> wrote:
>Without forcing alignment to 'From', an attacker can set their own 'Sender', 
>set a 'From' they're not entitled to use that's of a trusted
>contact, and the DMARC associated with the abused domain in the 'From' has no 
>effect and can't be used for filtering. So while you could
>do a similar filter on Sender, it wouldn't be as useful, and would provide 
>less security benefit.

It sounds like you're making the common mistake of confusing "DMARC
aligned" with "not phish" or "not spam". What would you do with a
DMARC aligned message with this From header?

  From: Security Alert <[email protected]>

(The correct answer is bury it deep in the phish tank.  Crooks can
do DMARC alignment, too.)

Any sensible mail provider will do its usual reputation checks on the
validated identity, whichever header it is, and decide whether to
deliver the message or not. I believe that Dave's point is if you're
going to do that, validating the sender gives you useful flexibility
without a lot of loss of security.

On the other hand, if you're going to do that, why do you need DMARC
at all? You use the d= in valid DKIM signatures.

-- 
Regards,
John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
