On 1/5/21 11:22 AM, Dave Crocker wrote:
> From: header field rewriting demonstrates that DMARC is, indeed,
> trivial to defeat (or rather, to route around.) Also, receiver
> filtering engines are all that matter. Real-time actions by
> recipients are demonstrably irrelevant to DMARC (and all other
> anti-abuse) utility.

That's not the conclusion of the paper that Doug Foster linked to the
other day. It showed that visual indicators statistically helped. The
biggest problem was the low deployment rate of DMARC from what I can
tell from the paper. Everybody here should read that paper IMO.

When I first came back and saw the From rewriting I was very confused by
what it was until I figured out what was going on. If it were directly
sent to me I would definitely be suspicious. But Thunderbird shows the
entire email address when you view it, unlike some of the crappy MUAs
out there. What we should be agitating for is better MUAs in general
that care about security. Not IETF, obviously, but the email community
at large.

Mike
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc