On 6/5/2014 7:32 AM, Larry Finch via dmarc-discuss wrote: > > It’s pretty clear from reviewing them how they bypassed DMARC; in one > case the forged FROM address simply left off the aol.com > <http://aol.com> domain, and just had the AOL Screen Name (that the > recipients would recognize) in the FROM field. It was sent to the > contact list of the owner of that screen name, so either there was > another break-in at AOL or it was a holdover from the earlier hack of AOL. > > The other was sent to a Yahoo Groups list. As Yahoo Groups has their own > workaround this worked.
Interesting. Many thanks for raising this and exploring the nature of it. It could be quite useful to get documentation of this happening more widely. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)