[dmarc-discuss] On Inbound DMARC Support

Steven M Jones smj at crash.com
Thu Jun 19 21:14:01 PDT 2014


On 06/19/2014 06:58 PM, John Levine via dmarc-discuss wrote:
>> Same-domain phishing is highly effective, so anything that addresses it is a prudent
>> control to deploy.
> Yes, I believe it.
>
>> Thus, inbound DMARC filtering is desirable for corporate infrastructure.
> No, for this threat it's irrelevant.
>
> Surely we don't have to explain why you don't need DMARC to implement
> a policy about mail from your own domains on your own servers.  You
> just do it.  Someone at Cisco told me they were doing inbound phish
> filtering almost a decade ago with IIM, one of the predecessors to
> DKIM.

There appears to be some confusion - the phrase "same-domain phishing"
has been used to identify what DMARC addresses, as opposed to "cousin
domain phishing" or "display name munging." My apologies if the term is
not in sufficiently wide usage.

No, I don't need DMARC to counter inbound phishing using my own domains
- we did that at BofA using SPF almost a decade ago. Configuring a few
dozen domains we controlled and already saw and approved all updates for
to require SPF inbound was manageable and highly effective.

But managing similar many-to-many configurations and updates across
organizations is posing a real problem for B2B TLS at scale. It's been a
frequent topic among FS-ISAC members, if not at MAAWG or IETF.
Fortunately when it comes to anti-phishing and the role DMARC can play
there, the picture's a little different.

--S.
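As an added illustration of the inbound own-domain enforcement discussed in this post (example code, not from the list or any poster): a gateway-side check that, for mail whose From: header claims one of our own domains, requires an SPF or DKIM pass aligned in the DMARC sense and rejects otherwise, going slightly beyond the SPF-only setup described above. Domain names and authentication results are constructed samples, and the organizational-domain derivation is a simplified last-two-labels assumption rather than a Public Suffix List lookup.

```python
"""Inbound policy for mail whose From: header claims one of our own domains.

Shows the thread's point: a receiving gateway can reject forged same-domain
mail from the SPF and DKIM results it already computes, using DMARC-style
identifier alignment. All domains and results here are constructed samples.
"""
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed: organizational domains this gateway treats as its own.
OWN_DOMAINS = frozenset({"example.com", "example.net"})


@dataclass
class AuthResults:
    """What the receiving MTA knows after its own SPF/DKIM evaluation."""
    mail_from_domain: str                  # RFC5321.MailFrom domain that SPF checked
    spf: str                               # SPF result, e.g. "pass", "fail", "none"
    dkim_domains: frozenset = frozenset()  # d= values of signatures that verified


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption, no PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, from_domain: str, relaxed: bool) -> bool:
    """DMARC identifier alignment: exact match, or shared organizational domain."""
    if relaxed:
        return org_domain(identifier) == org_domain(from_domain)
    return identifier.lower() == from_domain.lower()


def evaluate(from_header: str, results: AuthResults, relaxed: bool = True) -> str:
    """Return 'accept', 'reject' or 'not-applicable' for one inbound message.

    Only mail claiming one of OWN_DOMAINS is judged here; other senders are left
    to whatever policy their own domain publishes.
    """
    _, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2]
    if not from_domain or org_domain(from_domain) not in OWN_DOMAINS:
        return "not-applicable"
    # An SPF pass only counts if the MailFrom domain aligns with the From: domain;
    # this is what stops a forged From: riding on an unrelated envelope sender.
    spf_ok = results.spf == "pass" and aligned(results.mail_from_domain, from_domain, relaxed)
    dkim_ok = any(aligned(d, from_domain, relaxed) for d in results.dkim_domains)
    return "accept" if (spf_ok or dkim_ok) else "reject"
```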