[dmarc-discuss] the obvious lookalike attack

John Levine johnl at taugh.com
Sat Jun 7 13:57:04 PDT 2014

>A claim that attackers will use work-arounds creates a desire for
>measuring use of work-arounds...

Here's an anecdote: I've been getting a fair amount of spam from what
are obviously stolen AOL address books, since I recognize the sender
and the other recipients.  Now I'm getting the same spam, but the
From: line has her name as the comment, same as always, but some
random non-AOL address.

I suppose that suggests that DMARC may have been somewhat effective at
stopping the phish using the exact address, so they're doing what lists
do, munge the address to hide it from DMARC.


More information about the dmarc-discuss mailing list