[dmarc-discuss] MLM and Header-From rewritting - the SMTPopen-relay analogy

Shal Farley shal at roadrunner.com
Sat Jun 7 13:43:33 PDT 2014


> That does get at attempts via the protected path, namely rfc5322.from
> field domain.
> However it doesn't permit measuring other aveneues of attack spoofing
> the dmarc-using organization.

Hm... I guess there could be privacy problems with allowing a DMARC author domain to request reporting on "look-alike" domains. Along with the technical difficulty of creating a "look alike" metric.

I think that path leads back to Josh's suggestion that major senders claim the look-alikes (after somehow discovering what they are) and John's concern about there being an effectively inexhaustible number of them. At some point that all (once again) boils down to relying on user behavior - the user's ability to distinguish one email address from another.

-- Shal

More information about the dmarc-discuss mailing list