Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Peter Blair via dmarc-discuss
At 05 June, 2014 Larry Finch via dmarc-discuss wrote: This morning I got several phishing emails delivered to gmail and verizon.net from spoofed AOL addresses. Looking at the headers it is clear they were not sent from AOL, but they were delivered anyway (and not to gmail's or Verizon's spam

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Larry Finch via dmarc-discuss
I’ve forwarded copies of 2 of the phishing posts privately to appropriate engineers. It’s pretty clear from reviewing them how they bypassed DMARC; in one case the forged FROM address simply left off the aol.com domain, and just had the AOL Screen Name (that the recipients would recognize) in

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Dave Crocker via dmarc-discuss
On 6/5/2014 7:32 AM, Larry Finch via dmarc-discuss wrote: It’s pretty clear from reviewing them how they bypassed DMARC; in one case the forged FROM address simply left off the aol.com domain, and just had the AOL Screen Name (that the recipients would recognize) in the FROM

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Shal Farley via dmarc-discuss
Larry wrote: The other was sent to a Yahoo Groups list. As Yahoo Groups has their own workaround this worked. Notably, Yahoo Groups' workaround is essentially suggestion 3B from the DMARC FAQ item "I operate a mailing list and I want to interoperate with DMARC, what should I do?"

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Mason Schmitt via dmarc-discuss
On Jun 5, 2014, at 9:26 PM, Al Iverson via dmarc-discuss dmarc-discuss@dmarc.org wrote: And also, do recognize that DMARC is only one part of the badness prevention equation, it doesn't cover every single eventuality. It locks one door, not all doors, no? I'd be curious about that left off

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Franck Martin via dmarc-discuss
On Jun 5, 2014, at 11:54 AM, Mason Schmitt via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Jun 5, 2014, at 9:26 PM, Al Iverson via dmarc-discuss dmarc-discuss@dmarc.org wrote: And also, do recognize that DMARC is only one part of the badness prevention equation, it doesn't cover

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Peter Blair via dmarc-discuss
At 05 June, 2014 Al Iverson via dmarc-discuss wrote: And also, do recognize that DMARC is only one part of the badness prevention equation, it doesn't cover every single eventuality. +1 I'd be curious about that left off the domain one; if an ISP were already rejecting mail from domains

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Douglas Otis via dmarc-discuss
On Jun 5, 2014, at 1:49 PM, Les Barstow via dmarc-discuss dmarc-discuss@dmarc.org wrote: I agree - DMARC does not protect against the From description. But if the MUA were to display the full From header rather than the description only, we might be getting somewhere. The rest of your

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Murray S. Kucherawy via dmarc-discuss
On Thu, Jun 5, 2014 at 3:34 PM, John Levine via dmarc-discuss dmarc-discuss@dmarc.org wrote: We might, but we probably wouldn't, since there's no reason to assume that typical users understand the security implications of mail addresses and domain names. Also, considering that there is

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Murray S. Kucherawy via dmarc-discuss
On Thu, Jun 5, 2014 at 1:49 PM, Les Barstow via dmarc-discuss dmarc-discuss@dmarc.org wrote: I agree - DMARC does not protect against the From description. But if the MUA were to display the full From header rather than the description only, we might be getting somewhere. The rest of your

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Josh Aberant via dmarc-discuss
We might, but we probably wouldn't, since there's no reason to assume that typical users understand the security implications of mail addresses and domain names. Also, considering that there is approximately an infinite number of ways to write something that looks sort of like some other

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Terry Zink via dmarc-discuss
Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they trust. AFAIK, the only way to do that for email is through DKIM but you wouldn’t highlight all

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Franck Martin via dmarc-discuss
On Jun 5, 2014, at 4:06 PM, Murray S. Kucherawy via dmarc-discuss dmarc-discuss@dmarc.org wrote: On Thu, Jun 5, 2014 at 1:49 PM, Les Barstow via dmarc-discuss dmarc-discuss@dmarc.org wrote: I agree - DMARC does not protect against the From description. But if the MUA were to display the

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Franck Martin via dmarc-discuss
On Jun 5, 2014, at 4:22 PM, Terry Zink via dmarc-discuss dmarc-discuss@dmarc.org wrote: Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread John Levine via dmarc-discuss
Doesn’t this come back to the whitelist idea? For the green bar SSL certs (Extended Validation), the certs have a bunch of information encoded in it, and the browsers have a list of CA’s that they trust. AFAIK, the only way to do that for email is through DKIM but you wouldn’t highlight all

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread John Levine via dmarc-discuss
Actually there is a finite number of look alike domains to any domain that are similar enough to fool someone. Well, technically, that's true since the total number of possible domains is finite, it's 2^2040. But the claim that you can enumerate all of the misleading domains, much less get

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Douglas Otis via dmarc-discuss
On Jun 5, 2014, at 3:34 PM, John Levine via dmarc-discuss dmarc-discuss@dmarc.org wrote: In article 0824AAFA38087A4285DB5B27F9323DC30514CF4464@rpcoex01.rpcorp.local you write: I agree - DMARC does not protect against the From description. But if the MUA were to display the full From

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Terry Zink via dmarc-discuss
Franck, See the end of the email, where I argued this case... and It is hard to create a club and define the entry level which is open to all, provided they meet some requirements. Yes, it is difficult and I think it's one of the biggest barriers to getting a common solution for trusted

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread John Levine via dmarc-discuss
Presumably, if VBR is already an RFC, why couldn't DMARC integrate with it? As a large receiver I would never trust a set supplied by the sender, but if I had a handful of locally defined vouching services, then I could use that to bypass a DMARC enforcement in the event that the message passes

Re: [dmarc-discuss] DMARC thwarted already?

2014-06-05 Thread Peter Blair via dmarc-discuss
Oof, kinda -- I was thinking of 4xx for transient resolver issues or non registered domain names, while writing the words invalid RHS which _would_ require a 5xx to toss out the garbage. Read what I'm thinking, not what I'm writing! On Thu, Jun 5, 2014 at 7:03 PM, Murray S. Kucherawy