On Sun 19/Jul/2020 02:13:53 +0200 Murray S. Kucherawy wrote:
On Sat, Jul 18, 2020 at 10:17 AM Jim Fenton <[email protected]> wrote:
Yes, the issues of cousin domains, homoglyphs, etc. are thrown out there
as reasons why DMARC is "irrelevant" to solving problems such as spam or
phishing. [...]
It's not that DMARC isn't useful. We need to consider (and document) the
threats that it is effective against (unauthenticated mail claiming to come
from a domain from which it should have been authenticated) and those it is
not effective against (homoglyphs, display name misuse, etc.). [...]
DMARC did attempt to document these shortcomings itself, for example in
Section 12.4 of RFC 7489 which covers display name attacks. I imagine this
would be carried forward into the standards track version, unless the
working group wants to entertain the idea of breaking it all out and
re-hashing it first.
I think the WG charter is clear enough.
Still unresolved, IMHO, is Dave's point about whether the RFC5322.From
domain truly matters.
While the opinions of big players are relevant, you yourself mentioned that
they tend to follow DMARC design. Perhaps, some years ago, it was the
importance of From: domain which inspired DMARC design. Now, it's DMARC which
determines the importance of From: domain.
Filtering at MX level followed DMARC development rather closely. MUA behavior
lags behind, but seems to be plodding through. We might suggest guidelines
(for example, bewaring of at signs in display names), but it is their task to
find out how to highlight domain misalignment. The more dependable is DMARC
filtering, the greater are MUA's motivations to follow suit. Not the other way
around.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
