In article <c45b61d902e04be48abe3a4bede67...@bayviewphysicians.com> you write: >-=-=-=-=-=- >But are your really arguing that no one in the Mailing List business paid >attention to > the concerns about the fraud and spoofing problems with email?
I am unaware of any mailing lists causing fraud and spoofing problems in email, so no more than anyone else. (Sending along real mail in ways that DMARC cannot describe is neither fraud nor spoofing, of course.) >This morning I had a conversation with the CEO of a company that was hit by >ransomware which arrived with the help of a >single email. He is slowly getting his company back after paying a lot of >money to people who want to destroy us. I think you would be dismayed how little of that would be stopped by more stringent DMARC policies. They use lookalike addresses, or they depend on MUAs that show the From header comments rather than the addresses. I once saw a very slick spear phish where the crook registered the victim's domain name subsituting "rn" for "m". R's, John PS: >My comments about From validation were based on the wording of the RFCs, so I >stand by what I said. I hope you will forgive me if I do not accept your interpretation of RFCs that I wrote. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc