On Fri, Aug 14, 2020 at 10:59 AM Kurt Andersen (b) <[email protected]> wrote:
> It would be worthwhile for everyone in the group to read through > https://www.usenix.org/conference/usenixsecurity20/presentation/chen-jianjun > as they analyze implementation flaws that allow attacks against DMARC in > existing implementations. > > The paper should be publicly accessible now since the conference is in > progress. There's also a slide deck with a summarized set of results from > their study. > > --Kurt > Did a first look at the slide deck. Some interesting stuff. Some is clearly interoperability and should be considered by the working group. Some is DMARC/DKIM/SPF implementation issues and some like the display name is intractable. As someone suggested to me today, it would be incredibly useful to disambiguate the Display Name from the From email address for anti-abuse purposes but my feeling is a) that is something for the email core group (not this group) and b) there would be incredible pushback against such an effort. Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
