[dmarc-discuss] DMARC thwarted already?

Josh Aberant jaberant at twitter.com
Thu Jun 5 17:19:03 PDT 2014


>
> Well, technically, that's true since the total number of possible
> domains is finite, it's 2^2040.  But the claim that you can enumerate
> all of the misleading domains, much less get control of them, is
> completely contrary to my experience.
>
>
Could you share more info about your experience here?

While there are many permutations of letters and symbols that can make a
domain, only a few will be close enough to be used for the purposes of
fooling someone into thinking it's another domain that they regularly interact
with.  (E.g. someone isn't going to be fooled that t43397u.com looks like
twitter.com.)

Based on what I've seen protecting one of the more attacked domains on the
internet, the bad guys will use a few hundred look-alike permutations. After
that the domains aren't similar enough to be worth using since they won't
fool anyone.

A few hundred domains is manageable to both claim and then (finally!) throw
up DMARC records that lock down the domains.

Josh


http://t.co/Josh
Josh Aberant
@jaberant



On Thu, Jun 5, 2014 at 4:59 PM, John Levine <johnl at taugh.com> wrote:

> >Actually there is a finite number of look alike domains to any domain that
> >are similar enough to fool someone.
>
> Well, technically, that's true since the total number of possible
> domains is finite, it's 2^2040.  But the claim that you can enumerate
> all of the misleading domains, much less get control of them, is
> completely contrary to my experience.
>
> R's,
> John
>
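Added example, not part of the original message: a check that each defensively registered look-alike domain actually carries the DMARC lock-down described above. The `.example` names and TXT records are constructed sample data, no DNS lookups are made, and the SPF `v=spf1 -all` check goes beyond the message, which mentions only DMARC.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, txt):
    """Return the reasons a parked domain is not locked down.
    txt maps DNS owner name -> list of TXT strings."""
    problems = []
    parsed = [parse_tags(r) for r in txt.get("_dmarc." + domain, [])]
    dmarc = [t for t in parsed if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        problems.append("expected exactly one DMARC record, found %d" % len(dmarc))
    else:
        tags = dmarc[0]
        policy = tags.get("p", "<missing>").lower()
        if policy != "reject":
            problems.append("DMARC p=%s, not reject" % policy)
        # sp defaults to p when absent; an explicit weaker sp opens subdomains
        if tags.get("sp", "reject").lower() != "reject":
            problems.append("DMARC sp=%s weakens subdomains" % tags["sp"])
        if tags.get("pct", "100") != "100":
            problems.append("DMARC pct=%s applies policy to only part of mail" % tags["pct"])
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1 or spf[0].lower().split()[1:] != ["-all"]:
        problems.append("SPF is not exactly 'v=spf1 -all'")
    return problems

# Constructed sample zone data for three hypothetical parked domains.
SAMPLE_TXT = {
    "_dmarc.lookalike-one.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"],
    "lookalike-one.example": ["v=spf1 -all"],
    "_dmarc.lookalike-two.example": ["v=DMARC1; p=none"],
    "lookalike-two.example": ["v=spf1 include:_spf.brand.example ~all"],
    "lookalike-three.example": ["v=spf1 -all"],  # registered, DMARC never published
}

def audit_all(domains, txt):
    """Audit every domain and return {domain: [problems]}."""
    return {d: audit_parked_domain(d, txt) for d in domains}

if __name__ == "__main__":
    names = ["lookalike-one.example", "lookalike-two.example", "lookalike-three.example"]
    for name, issues in audit_all(names, SAMPLE_TXT).items():
        print(name, "OK" if not issues else issues)
```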