On Sun 16/Aug/2020 04:18:56 +0200 John Levine wrote:
In article <c45b61d902e04be48abe3a4bede67...@bayviewphysicians.com> you write:
This morning I had a conversation with the CEO of a company that
was hit by ransomware which arrived with the help of a single
email. He is slowly getting his company back after paying a lot
of money to people who want to destroy us. >
I think you would be dismayed how little of that would be stopped
by more stringent DMARC policies. They use lookalike addresses, or
they depend on MUAs that show the From header comments rather than
the addresses. I once saw a very slick spear phish where the crook
registered the victim's domain name substituting "rn" for "m".
Lookalike domains are also being addressed by browser developers. It
is the obvious next-thing-to-do. Those algorithms could be ported to
MUAs, except that it's pretty useless to seal the windows when the
roof is still under construction.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
