Have you noticed the ARC set on Alex Brotman's messages? Microsoft
declares the message as having passed DMARC before the message leaves the
Office 365 environment. Assume that the average attacker decides to do the
same, and applies a DMARC-PASS ARC Set to everything he sends. At
minimum, the evaluator needs an algorithm to determine if the ARC Set was
applied before or after a meaningful point in the delivery chain. Do we
have a defined algorithm for that?

You are correct that a single sender can be whitelisted with the help of
ARC, but a single sender can be whitelisted more easily without ARC.

ARC requires a global reputation system so that the appropriate disposition
is known in the general case of ANY message source. Ale's assertion
stands.

Doug Foster


On Wed, Nov 24, 2021 at 3:55 PM Baptiste Carvello <
[email protected]> wrote:

> Hi,
>
> On 24/11/2021 at 12:00, Alessandro Vesely wrote:
> >
> > ARC implies a reliable global reputation system, which only giant
> > providers can afford.
>
> Not necessarily. It only implies that the evaluator has some reason to
> consider it acceptable that this particular message be handled by this
> particular forwarder.
>
> If, for example, the evaluator can know for sure that the author
> designated in the From field really sent a message to the forwarder
> immediately before the forwarded message came in, the probability that
> the message is genuine is much higher [1].
>
> At the beginning of this month, I proposed an idea to achieve just that.
>
> Cheers,
> Baptiste
>
>
> note [1]:
> indeed, the attack model then changes from "send a message with a faked
> From header" (easy) to "somehow have your target send you a genuine
> message so you can modify and forward it" (possible, but much harder,
> needs a targeted attack). Only high profile targets need to care about
> the second type of attack.
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
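The trust decision Doug is asking about, as an added illustration that is not code from the dmarc list, from Microsoft, or from any ARC implementation: a toy evaluator that parses constructed ARC-Seal and ARC-Authentication-Results headers, checks that the instance numbers and cv= values form a well-formed chain, and then honours an arc.dmarc=pass override only when the sealer that recorded it, and every sealer after it, is on the evaluator's own trusted-sealer list. Signature verification of the seals is assumed to have already been done; the header values, the domains (lists.example.net, relay.example.com, untrusted-sender.example) and the trusted list are all constructed for the example.

```python
"""
Toy ARC chain evaluator (added illustration, not code from the dmarc list).

It models the point raised in the thread: an ARC Set asserting
arc.dmarc=pass only helps the message if the evaluator trusts the sealer
that recorded the pass AND every sealer that handled the message after
that point. A set stamped by the sender itself, before any trusted
forwarder saw the message, carries no weight unless the sender's domain
is itself trusted. Cryptographic validation of the seals (the cv=/b=
checks) is assumed to have been performed already; only the chain
semantics are modelled here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ArcSet:
    instance: int
    sealer: str             # d= tag of the ARC-Seal
    cv: str                 # chain validation status claimed by that seal
    dmarc: Optional[str]    # dmarc= result recorded in ARC-Authentication-Results


def parse_seal(value: str) -> Tuple[int, str, str]:
    """Parse the tag=value list of an ARC-Seal header (i=, d=, cv= only)."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    return int(tags["i"]), tags["d"], tags["cv"]


def parse_aar(value: str) -> Tuple[int, Optional[str]]:
    """Parse an ARC-Authentication-Results header: instance and dmarc result."""
    inst = int(re.match(r"\s*i=(\d+)\s*;", value).group(1))
    m = re.search(r"\bdmarc=(\w+)", value)
    return inst, (m.group(1) if m else None)


def build_chain(headers: List[Tuple[str, str]]) -> List[ArcSet]:
    """Combine the ARC headers of one message into instance-ordered ArcSets."""
    seals: Dict[int, Tuple[str, str]] = {}
    aars: Dict[int, Optional[str]] = {}
    for name, value in headers:
        if name.lower() == "arc-seal":
            i, d, cv = parse_seal(value)
            seals[i] = (d, cv)
        elif name.lower() == "arc-authentication-results":
            i, dmarc = parse_aar(value)
            aars[i] = dmarc
    return [ArcSet(i, seals[i][0], seals[i][1], aars.get(i)) for i in sorted(seals)]


def chain_is_well_formed(chain: List[ArcSet]) -> bool:
    """Instances must run 1..N with no gaps; first seal cv=none, later ones cv=pass."""
    if not chain:
        return False
    for expected, s in enumerate(chain, start=1):
        if s.instance != expected:
            return False
        if s.cv != ("none" if expected == 1 else "pass"):
            return False
    return True


def dmarc_override(chain: List[ArcSet], trusted: Set[str], direct_dmarc: str) -> str:
    """Return the DMARC result the evaluator should act on.

    direct_dmarc is the evaluator's own DMARC verdict on the message as
    received (after forwarding this is often "fail"). It is overridden to
    "pass" only if some ARC Set recorded dmarc=pass and that set and all
    later sets were sealed by trusted domains.
    """
    if direct_dmarc == "pass" or not chain_is_well_formed(chain):
        return direct_dmarc
    for k, s in enumerate(chain):
        if s.dmarc == "pass" and all(t.sealer in trusted for t in chain[k:]):
            return "pass"
    return direct_dmarc


# Constructed sample: message passed DMARC at a trusted list server (i=1),
# then relayed by a second trusted hop (i=2) where the direct check fails.
GENUINE_FORWARD = [
    ("ARC-Authentication-Results", "i=1; lists.example.net; dmarc=pass header.from=example.org"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=lists.example.net; s=arc; b=CONSTRUCTED"),
    ("ARC-Authentication-Results", "i=2; relay.example.com; dmarc=fail header.from=example.org"),
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=relay.example.com; s=arc; b=CONSTRUCTED"),
]

# Constructed sample of the case raised in the thread: the originating
# sender stamps a DMARC-PASS ARC Set on its own message before any trusted
# forwarder has seen it.
SELF_STAMPED = [
    ("ARC-Authentication-Results", "i=1; untrusted-sender.example; dmarc=pass header.from=example.org"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=untrusted-sender.example; s=arc; b=CONSTRUCTED"),
    ("ARC-Authentication-Results", "i=2; relay.example.com; dmarc=fail header.from=example.org"),
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=relay.example.com; s=arc; b=CONSTRUCTED"),
]

TRUSTED_SEALERS = {"lists.example.net", "relay.example.com"}   # constructed local policy


def evaluate(headers: List[Tuple[str, str]]) -> str:
    """Evaluate a message whose direct DMARC check failed after forwarding."""
    return dmarc_override(build_chain(headers), TRUSTED_SEALERS, direct_dmarc="fail")


if __name__ == "__main__":
    print("genuine forward:", evaluate(GENUINE_FORWARD))   # pass
    print("self-stamped set:", evaluate(SELF_STAMPED))     # fail
```

The answer to "before or after a meaningful point" is not in the ARC headers themselves but in the evaluator's trust list: the first instance at which a trusted sealer recorded the pass is the meaningful point, and anything sealed earlier by an untrusted domain is ignored. With an empty trust list the override never fires, which is why the thread concludes that ARC needs some reputation or trust data to be useful beyond individually whitelisted forwarders.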
