MH Michael Hammer (5304) writes:

 > One that comes to mind immediately is compromise existing list(s)
 > (MLM) used by target audience and then modify posts as desired. It
 > may be that the modification would be for only one or a few
 > recipients.

This has nothing to do with the registration issue.  It's about the
delegation protocols themselves.

That said, sure -- that's an obvious threat for the delegation
protocols, and it applies to other registration schemes, including
"manual" ones like Otis's tpa-labels, too.  But is it worth the
spammer's while?

First, note that we're assuming the spammers really want to send
"from" p=reject Author Domains.  Otherwise, why bother with suborning
the mailing lists?  If you can send apparently-from a p=none domain,
delegation simply doesn't matter, because even DMARC itself doesn't
come into play.  I suppose one reason is that they have contact lists
from the Author Domains in question.  Are these still effective?

Next, there is a small number of lists (60,000 or so).[1]  What is
the probability that you get a "large" intersection of contact lists
with subscriber lists?  Spammers think in terms of "shots" of
*millions*; they need to be able to put out 20 recipients per list
even if they compromise *all* of those lists, just to make their first
million.  Of course, maybe they just want to broadcast to the whole
list "from" a p=reject domain address, but that makes the campaign all
the more obvious.

Is all that really worth it to a spammer, given that such a campaign
would be noticed quickly, and delegation authority withdrawn from the
Author Domains' MTAs?

It all comes down to how p=reject Author Domains perceive the risk of
abuse vs. the benefit to their mailbox users of being able to post to
mailing lists without having their posts from-munged or wrapped.  I
think it's worth laying out the threat models we can think of for
them, but in the end they decide.

 >  I'm sure there are other mechanisms if a little thought is put
 >  into it.

Of course.  As long as email as we know it exists, there will be (and
most won't involve Mediators at all!)

But the real question is can we lock things down enough to make
spamming and phishing unprofitable?


Footnotes: 
[1]  I suspect that the ones that contain large numbers of p=reject
posters are already under attack for this purpose, presumably
unsuccessfully.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to