On Jun 5, 2014, at 1:49 PM, Les Barstow via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:
> I agree - DMARC does not protect against the From description. But if the MUA > were to display the full From header rather than the description only, we > might be getting somewhere. > > The rest of your response backs up my point; the will to get this done > "right" in a broader sense does not exist and we're left with ineffective > band-aids and holes large enough to drive a truck full of phish through. Dear Les, The general concept of DMARC was to dramatically reduce attack surfaces seen by their recipients. DMARC is about retaining email as a means to offer notifications. For many, SMS might cost $0.2 a piece. Social networking is no panacea either. Many expose users to unidentified sources of malicious content hidden in obfuscated javascript and unseen iFrames for example. Ad distribution remains a truly lawless arena where crimes might be funded by fraudulent clicks. Rather than waiting to lock down every option, banning use of obfuscated javascript, ensuring every identifier resolves, more can be accomplished by simply establishing a chain of trust between various sources. Sources are then retained only as long as they remain aggressive at excluding _any_ source of abuse. TPA-Label could be used with ad content, social messaging, mail-lists, small office financial invoicing, even allowing exceptions for DMARC alignment. Regards, Douglas Otis
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
