[dmarc-discuss] DMARC thwarted already?

Dave Crocker dhc at dcrocker.net
Thu Jun 5 07:58:28 PDT 2014


On 6/5/2014 7:32 AM, Larry Finch via dmarc-discuss wrote:
> 
> It’s pretty clear from reviewing them how they bypassed DMARC; in one
> case the forged FROM address simply left off the aol.com
> domain, and just had the AOL Screen Name (that the
> recipients would recognize) in the FROM field. It was sent to the
> contact list of the owner of that screen name, so either there was
> another break-in at AOL or it was a holdover from the earlier hack of AOL.
> 
> The other was sent to a Yahoo Groups list. As Yahoo Groups has their own
> workaround this worked.


Interesting.  Many thanks for raising this and exploring the nature of it.

It could be quite useful to get documentation of this happening more widely.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

