[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Franck Martin fmartin at linkedin.com
Sat Jun 7 10:31:06 PDT 2014


On Jun 7, 2014, at 5:26 PM, Dave Crocker via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

> On 6/7/2014 5:15 PM, Scott Kitterman via dmarc-discuss wrote:
>> Maybe I lost context, but I thought the claim that was being disputed and 
>> needed assessment was if p=reject was affecting the rate of phishing attempts.  
>> It would seem to me that for that question, a comparison of before/after 
>> p=reject data would yield some interesting information.
> 
> 
> ahh.  ok.  sort of.
> 
> That does get at attempts via the protected path, namely rfc5322.from
> field domain.
> 
> However it doesn't permit measuring other aveneues of attack spoofing
> the dmarc-using organization.
> 
> A claim that attackers will use work-arounds creates a desire for
> measuring use of work-arounds...
> 


But the claim is that these workarounds will mainly happen after you do DMARC p=reject. This data is coming in a not too distant future now.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140607/8c695ae1/attachment-0001.bin>


More information about the dmarc-discuss mailing list