[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Dave Crocker dhc at dcrocker.net
Sat Jun 7 08:26:18 PDT 2014


On 6/7/2014 5:15 PM, Scott Kitterman via dmarc-discuss wrote:
> Maybe I lost context, but I thought the claim that was being disputed and 
> needed assessment was if p=reject was affecting the rate of phishing attempts.  
> It would seem to me that for that question, a comparison of before/after 
> p=reject data would yield some interesting information.


ahh.  ok.  sort of.

That does get at attempts via the protected path, namely rfc5322.from
field domain.

However it doesn't permit measuring other aveneues of attack spoofing
the dmarc-using organization.

A claim that attackers will use work-arounds creates a desire for
measuring use of work-arounds...


d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net


More information about the dmarc-discuss mailing list