[dmarc-discuss] DMARC thwarted already?
Les.Barstow at returnpath.com
Thu Jun 5 13:49:12 PDT 2014
I agree - DMARC does not protect against the From description. But if the MUA were to display the full From header rather than the description only, we might be getting somewhere.
The rest of your response backs up my point; the will to get this done "right" in a broader sense does not exist and we're left with ineffective band-aids and holes large enough to drive a truck full of phish through.
From: J. Gomez [mailto:jgomez at seryrich.com]
> Straightening it out "the right way" probably involves some
> combination of revisiting the definitions of the various From/Sender
> fields, compliance to those definitions within the DMARC spec, some
> kind of resender resign mechanism, and buy-in from MUA, mailing list,
> and MTA software providers.
I, for one, am not buying into it.
What you are proposing already exists; essentially, it is called the X.400 Message Handling System. It was tried, and ultimately did not stick.
Going back on topic, though: phishing through the description in the Header-From is not what DMARC protects against; the spec says so explicitly.
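An added illustration of the gap discussed in this thread, not code from either poster or from the DMARC spec: it separates the From domain that DMARC evaluates from the display name an MUA may show on its own, and flags a display name that carries an address in a different domain. The function names, the exact-match heuristic and the sample headers are assumptions constructed for this example.

```python
import re
from email.utils import parseaddr

# Something that looks like an e-mail address inside a display name.
ADDR_LIKE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")


def dmarc_domain(from_header):
    """Domain of the addr-spec, the only part of From that DMARC evaluates."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def display_only_view(from_header):
    """What an MUA showing only the description renders (address if no name)."""
    display, addr = parseaddr(from_header)
    return display or addr


def display_name_mismatch(from_header):
    """Return the domain claimed inside the display name when it differs
    from the real From domain, else None.

    Exact comparison is a simplification (assumption of this example);
    it does not apply DMARC's organizational-domain alignment rules.
    """
    display, _addr = parseaddr(from_header)
    real = dmarc_domain(from_header)
    for match in ADDR_LIKE.finditer(display):
        claimed = match.group(1).lower()
        if claimed != real:
            return claimed
    return None


# Constructed sample headers (reserved .example domains).
SAMPLES = [
    '"support@bank.example" <x9@bulk-sender.example>',
    "Alice Admin <alice@corp.example>",
    "alice@corp.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print("full header :", header)
        print("  MUA shows :", display_only_view(header))
        print("  DMARC sees:", dmarc_domain(header))
        print("  mismatch  :", display_name_mismatch(header))
```

The first sample can pass DMARC for `bulk-sender.example` while a description-only MUA shows `support@bank.example`, so a check like this belongs in the mail filter or the MUA rather than in DMARC evaluation.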