[dmarc-discuss] On Inbound DMARC Support
steve at wordtothewise.com
Fri Jun 20 07:12:27 PDT 2014
On Jun 19, 2014, at 7:40 PM, Steven M Jones via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
> On 06/19/2014 05:23 PM, Steve Atkins via dmarc-discuss wrote:
>> On Jun 19, 2014, at 4:56 PM, Steven M Jones via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
>>> However DMARC can help remediate a vector commonly used to initiate an intrusion against corporate networks,
>> I suspect you mean mitigate (although remediate does actually fit rather well).
> In fact i had switched between the two words - I don't mind switching back.
>> You can't make that bald statement without expecting someone to ask for some evidence of it being useful for that purpose, though.
> I don't mind being asked. And I thought I had provided appropriate
> references in the rest of my previous message...
>> (It's fairly clear to me, for instance, that it's not true - so it's be useful to provide a plausible line of reasoning for it being so; one that'll stand up to discussion).
> Again, I thought I'd provided the reasoning.
> - Phishing is used to gain unauthorized access to corporate networks
> - Unauthorized access to corporate networks is used to effect data breach
> - To reduce incidence of data breach, mitigate unauthorized access
> - To reduce incidence of unauthorized access, take measures to reduce
> successful phishing
Yes. Spear phishing in particular.
> - DMARC is effective against one of the most effective forms of phishing
No, it's not.
DMARC will briefly reduce bulk phishing from phishers who don't know about
DMARC. But, after that very brief lull it'll have minimal effect.
It doesn't affect anything that's visible to the end user. It doesn't
make it any easier (or more difficult) to filter out phishes by content
(or by using domain-based whitelisting or ...).
It does mean that end users will be trained to accept that "the From:
field will sometimes look funny".
It certainly won't slow down a sophisticated spear phisher, which is
the sort of phishing you're talking about when you're discussing
compromising corporate networks.
> So to me, it follows that adopting DMARC is a reasonable corporate
> measure to help combat inbound phishing, which can result in
> unauthorized access, which can result in data breach.
> I believe I provided examples to show that successful phishing of
> corporate entities has been a key step leading to data breach.
More information about the dmarc-discuss