On Sat, Jul 18, 2020 at 10:17 AM Jim Fenton <fen...@bluepopcorn.net> wrote:

> Yes, the issues of cousin domains, homoglyphs, etc. are thrown out there
> as reasons why DMARC is "irrelevant" to solving problems such as spam or
> phishing. It doesn't solve spam but it does have an impact on phishing, if
> only to push the bad guys to "push reality". If I get a phishing email from
> a bank that is not my own, I as an end user am less likely to fall for that
> particular phishing scheme. It makes it easier for validators/receivers to
> differentiate real from Memorex. It's also important to recognize that the
> environment isn't static. The bad guys are always thinking up new
> approaches as the old/current ones yield declining results. This evolving
> context is sometimes brandished against DMARC as an indicator that it isn't
> useful.
>
> It's not that DMARC isn't useful. We need to consider (and document) the
> threats that it is effective against (unauthenticated mail claiming to come
> from a domain from which it should have been authenticated) and those it is
> not effective against (homoglyphs, display name misuse, etc.). And then we
> need to consider the collateral damage, such as against mailing lists and
> their users, and do a cost/benefit analysis to determine whether the
> benefit justifies the breakage. With 5 years of experience since RFC 7489
> was published it's reasonable to revisit these issues with the benefit of
> that experience.
>

DMARC did attempt to document these shortcomings itself, for example in
Section 12.4 of RFC 7489 which covers display name attacks.  I imagine this
would be carried forward into the standards track version, unless the
working group wants to entertain the idea of breaking it all out and
re-hashing it first.

This working group also produced RFC 7960 which talks about the problems
with respect to mailing lists.  Maybe we have more data in the last four
years?

Still unresolved, IMHO, is Dave's point about whether the RFC5322.From
domain truly matters.

-MSK, most participatorially
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
