[dmarc-discuss] DMARC thwarted already?

Larry Finch finches at portadmiral.org
Thu Jun 5 07:32:11 PDT 2014


I’ve forwarded copies of 2 of the phishing posts privately to appropriate engineers.

It’s pretty clear from reviewing them how they bypassed DMARC; in one case the forged FROM address simply left off the aol.com domain, and just had the AOL Screen Name (that the recipients would recognize) in the FROM field. It was sent to the contact list of the owner of that screen name, so either there was another break-in at AOL or it was a holdover from the earlier hack of AOL.

The other was sent to a Yahoo Groups list. As Yahoo Groups has their own workaround this worked.

The point is that there is no solution to the phishing problem thus far; while these attempts would not fool anyone on this list, they will fool a vast majority of email subscribers.

best regards,
Larry


On Jun 5, 2014, at 10:08 AM, Peter Blair via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

> At 05 June, 2014 Larry Finch via dmarc-discuss wrote:
>> 
>> This morning I got several phishing emails delivered to gmail and verizon.net
>> from spoofed AOL addresses. Looking at the headers it is clear they were not
>> sent from AOL, but they were delivered anyway (and not to gmail's or Verizon's
>> spam folder, as they should have been).
> 
> As they say on the internet: Pictures, or it didn't happen!
> 
> Can you post any examples to something like pastebin?

--
Larry Finch
finches at portadmiral.org
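
The first case described in the message above (a From field carrying only a screen name, with no domain) leaves a receiver with no domain under which to look up a DMARC policy. The following is an added example, not part of the original post: a receiver-side check that flags such messages instead of letting them pass unevaluated. The function names, the screen name and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not taken from the thread).
LEGIT = (
    "From: Some User <someuser@aol.com>\n"
    "To: friend@example.net\n"
    "Subject: hello\n\nbody\n"
)
SCREEN_NAME_ONLY = (
    "From: SomeScreenName\n"
    "To: friend@example.net\n"
    "Subject: check this out\n\nbody\n"
)


def from_domains(raw_message):
    """Return one entry per mailbox in the From header(s).

    Each entry is the lower-cased domain, or '' when the mailbox
    has no usable local-part@domain form.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", [])
    domains = []
    for _display_name, addr in getaddresses(headers):
        local, at, domain = addr.rpartition("@")
        domains.append(domain.lower() if (at and local and domain) else "")
    return domains


def dmarc_applicability(raw_message):
    """Decide whether a DMARC policy lookup is possible for this message.

    Returns ("evaluate", "<DNS name to query>") or ("flag", "<reason>").
    """
    domains = from_domains(raw_message)
    if len(domains) != 1:
        return ("flag", "expected exactly one From mailbox, found %d" % len(domains))
    if not domains[0]:
        return ("flag", "From has no domain, so no DMARC policy can be looked up")
    return ("evaluate", "_dmarc." + domains[0])


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("screen name only", SCREEN_NAME_ONLY)):
        print(label, "->", dmarc_applicability(raw))
```

A message that comes back as "flag" never reaches policy evaluation, so a receiver has to decide separately whether to reject or quarantine it.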


