On Jun 19, 2014, at 7:40 PM, Steven M Jones via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:
> On 06/19/2014 05:23 PM, Steve Atkins via dmarc-discuss wrote:
>> On Jun 19, 2014, at 4:56 PM, Steven M Jones via dmarc-discuss
>> <dmarc-discuss@dmarc.org> wrote:
>>> However DMARC can help remediate a vector commonly used to initiate an
>>> intrusion against corporate networks,
>> I suspect you mean mitigate (although remediate does actually fit rather
>> well).
>
> In fact I had switched between the two words - I don't mind switching back.
>
>
>> You can't make that bald statement without expecting someone to ask for some
>> evidence of it being useful for that purpose, though.
>
> I don't mind being asked. And I thought I had provided appropriate
> references in the rest of my previous message...
>
>
>> (It's fairly clear to me, for instance, that it's not true - so it'd be
>> useful to provide a plausible line of reasoning for it being so; one that'll
>> stand up to discussion).
>
> Again, I thought I'd provided the reasoning.
>
> - Phishing is used to gain unauthorized access to corporate networks

Yes.

> - Unauthorized access to corporate networks is used to effect data breach

Yes.

> - To reduce incidence of data breach, mitigate unauthorized access

Yes.

> - To reduce incidence of unauthorized access, take measures to reduce
> successful phishing

Yes. Spear phishing in particular.

> - DMARC is effective against one of the most effective forms of phishing

No, it's not.

DMARC will briefly reduce bulk phishing from phishers who don't know about DMARC. But after that very brief lull it'll have minimal effect.

It doesn't affect anything that's visible to the end user. It doesn't make it any easier (or more difficult) to filter out phishes by content (or by using domain-based whitelisting or ...). It does mean that end users will be trained to accept that "the From: field will sometimes look funny".

It certainly won't slow down a sophisticated spear phisher, which is the sort of phishing you're talking about when you're discussing compromising corporate networks.
>
> So to me, it follows that adopting DMARC is a reasonable corporate
> measure to help combat inbound phishing, which can result in
> unauthorized access, which can result in data breach.
>
> I believe I provided examples to show that successful phishing of
> corporate entities has been a key step leading to data breach.

Cheers,
  Steve

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
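The disagreement above turns on what DMARC actually evaluates. The following is an added example, not code from this thread, from dmarc.org or from any DMARC implementation: a simplified disposition check modelled on RFC 7489 that binds the RFC5322.From domain to an SPF- or DKIM-authenticated domain and nothing else. DNS lookups are replaced by an inline dict of constructed records, SPF and DKIM results are supplied as inputs rather than computed, the organizational domain is approximated by the last two labels instead of the Public Suffix List, and all domains and addresses are constructed. The four sample messages show an exact-domain spoof being rejected, a forwarded legitimate message still passing on DKIM, and a look-alike domain and a display-name spoof passing or going unevaluated, which is the part of the phishing surface the thread argues about.

```python
"""Simplified DMARC disposition check, modelled on RFC 7489.

Added example; not code from the dmarc-discuss thread or from dmarc.org.
Assumptions: DNS lookups are replaced by an inline dict of DMARC records,
SPF and DKIM results are supplied as inputs instead of being computed, and
the "organizational domain" is approximated by the last two labels rather
than the Public Suffix List. Domains and addresses below are constructed.
"""
from dataclasses import dataclass

# Constructed records standing in for _dmarc.<domain> TXT lookups.
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; adkim=r; aspf=r",
    # Look-alike domain registered by the attacker, who publishes a record too.
    "examp1e.com": "v=DMARC1; p=none",
    # "freemail.example" deliberately has no record.
}


def parse_record(txt):
    """Split 'v=DMARC1; p=reject; aspf=r' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    """Approximate organizational domain (assumption: last two labels, no PSL)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') is exact match, relaxed ('r') is org match."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def from_domain_of(from_header):
    """Extract the RFC5322.From domain from a header value; display name is ignored."""
    addr = from_header.split("<")[-1].rstrip(">").strip()
    return addr.rsplit("@", 1)[-1].lower()


@dataclass
class AuthResults:
    spf_result: str      # 'pass', 'fail', 'none', ...
    spf_domain: str      # RFC5321.MailFrom domain the SPF check ran against
    dkim_result: str
    dkim_domain: str     # d= of the verified DKIM signature, '' if none


def evaluate_dmarc(from_header, auth):
    """Return (disposition, reason); disposition is 'pass', 'none', 'quarantine' or 'reject'."""
    fd = from_domain_of(from_header)
    record = DMARC_RECORDS.get(fd) or DMARC_RECORDS.get(org_domain(fd))
    if record is None:
        return "none", "no DMARC record for %s; DMARC does not apply" % fd
    tags = parse_record(record)
    spf_ok = auth.spf_result == "pass" and aligned(fd, auth.spf_domain, tags.get("aspf", "r"))
    dkim_ok = auth.dkim_result == "pass" and aligned(fd, auth.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "aligned %s identifier" % ("SPF" if spf_ok else "DKIM")
    policy = tags.get("p", "none")
    return policy, "no aligned authenticated identifier; policy p=%s" % policy


# Constructed messages: each one shows how far DMARC's check reaches.
SAMPLES = {
    # 1. Exact-domain spoof: attacker's MTA passes SPF only for its own domain.
    "exact_spoof": ('"IT Helpdesk" <helpdesk@example.com>',
                    AuthResults("pass", "attacker-mail.example", "none", "")),
    # 2. Legitimate mail that was forwarded: SPF breaks, DKIM survives.
    "forwarded_legit": ('"IT Helpdesk" <helpdesk@example.com>',
                        AuthResults("fail", "example.com", "pass", "example.com")),
    # 3. Look-alike domain: attacker authenticates a domain it owns and passes.
    "lookalike": ('"IT Helpdesk" <helpdesk@examp1e.com>',
                  AuthResults("pass", "examp1e.com", "pass", "examp1e.com")),
    # 4. Display-name spoof from a domain with no DMARC record: never evaluated.
    "display_name": ('"Jane Smith, CEO" <jane.smith.ceo@freemail.example>',
                     AuthResults("pass", "freemail.example", "none", "")),
}


def run_samples():
    """Evaluate every constructed sample and return {name: disposition}."""
    return {name: evaluate_dmarc(hdr, auth)[0] for name, (hdr, auth) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (hdr, auth) in SAMPLES.items():
        print("%-16s %-12s %s" % (name, *evaluate_dmarc(hdr, auth)))
```

Running it prints `reject` for the exact-domain spoof, `pass` for the forwarded legitimate message, `pass` for the look-alike domain and `none` for the display-name spoof. The only thing the check consults is the address domain in From: against the SPF and DKIM domains; the display name, the body and any visual resemblance between domains are outside its scope, so a sending domain that publishes p=reject closes the exact-spoof case and leaves the other two untouched.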