[dmarc-discuss] DMARC thwarted already?
dhc at dcrocker.net
Thu Jun 5 07:58:28 PDT 2014
On 6/5/2014 7:32 AM, Larry Finch via dmarc-discuss wrote:
> It’s pretty clear from reviewing them how they bypassed DMARC; in one
> case the forged FROM address simply left off the aol.com
> <http://aol.com> domain, and just had the AOL Screen Name (that the
> recipients would recognize) in the FROM field. It was sent to the
> contact list of the owner of that screen name, so either there was
> another break-in at AOL or it was a holdover from the earlier hack of AOL.
> The other was sent to a Yahoo Groups list. As Yahoo Groups has their own
> workaround this worked.
Interesting. Many thanks for raising this and exploring the nature of it.
It could be quite useful to get documentation of this happening more widely.
More information about the dmarc-discuss