On 06/19/2014 06:58 PM, John Levine via dmarc-discuss wrote: >> Same-domain phishing is highly effective, so anything that addresses it is a >> prudent >> control to deploy. > Yes, I believe it. > >> Thus, inbound DMARC filtering is desirable for corporate infrastructure. > No, for this threat it's irrelevant. > > Surely we don't have to explain why you don't need DMARC to implement > a policy about mail from your own domains on your own servers. You > just do it. Someone at Cisco told me they were doing inbound phish > filtering almost a decade ago with IIM, one of the predecessors to > DKIM.
There appears to be some confusion - the phrase "same-domain phishing" has been used to identify what DMARC addresses, as opposed to "cousin domain phishing" or "display name munging." My apologies if the term is not in sufficiently wide usage. No, I don't need DMARC to counter inbound phishing using my own domains - we did that at BofA using SPF almost a decade ago. Configuring a few dozen domains we controlled and already saw and approved all updates for to require SPF inbound was manageable and highly effective. But managing similar many-to-many configurations and updates across organizations is posing a real problem for B2B TLS at scale. It's been a frequent topic among FS-ISAC members, if not at MAAWG or IETF. Fortunately when it comes to anti-phishing and the role DMARC can play there, the picture's a little different. --S. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
