[dmarc-discuss] DMARC thwarted already?

John Levine johnl at taugh.com
Thu Jun 5 20:24:08 PDT 2014


>While there's many permutation of letters and symbols that can make a
>domain only a few will be close enough to be used for the purposes of
>fooling someone to think its another domain that they regularly  interact
>with.  (E.g. Someone isn't going to be fooled that t43397u.com looks like
>twitter.com.)

No, but they'll be fooled by wellsfargo.com.banker.email (available,
grab it while you can.)  There's also a variety of IDN tricks involving
lookalike characters that aren't used much in the US but are popular
elsewhere.

R's,
John


More information about the dmarc-discuss mailing list