[dmarc-discuss] DMARC thwarted already?

Josh Aberant jaberant at twitter.com
Thu Jun 5 16:34:04 PDT 2014


> We might, but we probably wouldn't, since there's no reason to assume
> that typical users understand the security implications of mail
> addresses and domain names.  Also, considering that there is
> approximately an infinite number of ways to write something that looks
> sort of like some other thing that people are expecting, this approach
> is bailing the ocean with a sieve.
>

Actually there is a finite number of look alike domains to any domain that
are similar enough to fool someone. And DMARC finally gives us a way to
address the look alike domain problem. It use to be that we'd go claim look
alike domains but the bad guys would just then spoof them anyways. With
DMARC you can now lock down a domain after you've claimed it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140605/15ce98ae/attachment.html>


More information about the dmarc-discuss mailing list