[dmarc-discuss] On Inbound DMARC Support

Steve Atkins steve at wordtothewise.com
Fri Jun 20 09:31:00 PDT 2014


On Jun 20, 2014, at 8:45 AM, Brian Westnedge via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

> Here's a simple use case for a spear-phisher where DMARC could be effective on the inbound:
> 
> 1. Phisher targets a specific exec at bigbank.com
> 2. Phisher sends fake FedEx tracking email from fedex.com (p=reject) to exec's admin with a note from exec for admin to track a shipment that has been ordered  
> 3. Assuming DMARC is not being checked on the inbound, Admin clicks malicious tracking number link, credentials are stolen, breach ensues 
> 
> The above does of course assume that the phisher is either not familiar with DMARC, or thinks that it won't be checked by a B2B entity like bigbank.com.

Right. Any approach that's predicated on the assumption that someone behind a spear-phishing (or other "APT"-esque) attack is stupid and/or unaware of generally known anti-phishing approaches is probably flawed. As is any that assumes that once the spear-phisher sends one email that bounces they're going to just give up on that target and move on.

Cheers,
  Steve
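What "checking DMARC on the inbound" in Brian's scenario actually consists of, as an added example that is not part of the original thread or of any DMARC implementation. It is a simplified receiver-side evaluator following RFC 7489: the DNS lookup of `_dmarc.<domain>` is replaced by a constructed in-memory table (the fedex.com record text below is made up for the example and is not FedEx's real record), the SPF and DKIM results are read from an `Authentication-Results` header the receiving MTA is assumed to have added, and the organizational domain is a two-label stand-in for a Public Suffix List lookup. All domains, header values and function names here are assumptions; the `pct` sampling tag is parsed but deliberately not applied.

```python
import re

# Constructed stand-in for DNS TXT records at _dmarc.<domain>.
# fedex.com appears only because the quoted scenario names it; the
# record text is invented for this example.
FAKE_DNS = {
    "_dmarc.fedex.com": "v=DMARC1; p=reject; adkim=s; aspf=r; pct=100; rua=mailto:dmarc@fedex.com",
    "_dmarc.example.net": "v=DMARC1; p=none; sp=quarantine",
}

# Pulls spf=/dkim= results plus the authenticated domain (smtp.mailfrom or
# header.d) out of an Authentication-Results header body.
AR_RE = re.compile(r"\b(spf|dkim)=(\w+)(?:[^;]*?\b(?:smtp\.mailfrom|header\.d)=([\w.@-]+))?")


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict with RFC 7489 defaults filled in.
    Returns None if the record is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")    # relaxed SPF alignment unless aspf=r
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    return tags


def org_domain(domain):
    """Crude organizational domain: last two labels. A real receiver uses the
    Public Suffix List (co.uk etc.); this is an assumption made for brevity."""
    return ".".join(domain.lower().split(".")[-2:])


def lookup_policy(from_domain, dns=FAKE_DNS):
    """Find the record for the RFC5322.From domain, falling back to the
    organizational domain. Returns (record, is_subdomain) or (None, False)."""
    from_domain = from_domain.lower()
    rec = dns.get(f"_dmarc.{from_domain}")
    if rec:
        return parse_dmarc_record(rec), False
    od = org_domain(from_domain)
    rec = dns.get(f"_dmarc.{od}")
    if rec and od != from_domain:
        return parse_dmarc_record(rec), True
    return None, False


def parse_auth_results(header):
    """Return {'spf': (result, domain), 'dkim': (result, domain)}; domain is
    None when the MTA reported no authenticated identifier."""
    out = {"spf": ("none", None), "dkim": ("none", None)}
    for method, result, dom in AR_RE.findall(header):
        out[method] = (result.lower(), dom.split("@")[-1] if dom else None)
    return out


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed needs the
    same organizational domain."""
    if not auth_domain:
        return False
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(from_domain, auth, dns=FAKE_DNS):
    """Disposition for one message: 'none' (no policy, or DMARC pass),
    'quarantine' or 'reject'. DMARC passes if either SPF or DKIM passed
    with an aligned identifier; only then is the sender's policy skipped."""
    policy, is_sub = lookup_policy(from_domain, dns)
    if policy is None:
        return "none"
    spf_result, spf_domain = auth["spf"]
    dkim_result, dkim_domain = auth["dkim"]
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "none"
    return policy["sp"] if is_sub else policy["p"]


def disposition(from_domain, auth_results_header, dns=FAKE_DNS):
    """Convenience wrapper: From: domain plus Authentication-Results body."""
    return evaluate_dmarc(from_domain, parse_auth_results(auth_results_header), dns)


if __name__ == "__main__":
    # The quoted scenario: From: is fedex.com, but SPF only passes for the
    # phisher's own envelope domain and there is no DKIM signature.
    print(disposition("fedex.com",
                      "mx.bigbank.com; spf=pass smtp.mailfrom=bounce@phisher.example; dkim=none"))
```

The first case in the `__main__` block is the spear-phish from the thread: SPF "passes" because the phisher controls the envelope domain, but it is not aligned with the From: domain, no DKIM signature covers fedex.com, and the published `p=reject` applies. Note that a message sent from a subdomain such as mail.fedex.com but DKIM-signed with d=fedex.com is rejected under the constructed record because it sets `adkim=s`; the same message passes under the relaxed default, which is the kind of detail a receiver that skips the inbound check never gets to decide.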
