[dmarc-discuss] DMARC thwarted already?

John Levine johnl at taugh.com
Thu Jun 5 15:34:57 PDT 2014


In article <0824AAFA38087A4285DB5B27F9323DC30514CF4464 at rpcoex01.rpcorp.local> you write:
>I agree - DMARC does not protect against the From description. But if the MUA were to display
>the full From header rather than the description only, we might be getting somewhere.

We might, but we probably wouldn't, since there's no reason to assume
that typical users understand the security implications of mail
addresses and domain names.  Also, considering that there is
approximately an infinite number of ways to write something that looks
sort of like some other thing that people are expecting, this approach
is bailing the ocean with a sieve.

It might work better to flip things around and try highlighting the
good stuff.  Green bar SSL certs are an example of this approach.

R's,
John


More information about the dmarc-discuss mailing list