On Nov 24, 2022, at 7:10 AM, Dotzero <dotz...@gmail.com> wrote:

On Tue, Nov 15, 2022 at 12:29 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
Your solution is straightforward, but I am not sold.

DMARC PASS means that the message is free of author impersonation.  This can only be true if all authors are verifiable and verified.

This is absolutely not true. An attacker can use homoglyphs, cousin domains and other means of impersonating a sender. An attacker can impersonate a sender within the same domain and DMARC will happily give a pass because the right hand side of the from address matches. Author != sending domain. DMARC only addresses direct domain impersonation.

Can we assume that in the context of DMARC, passing means passing with alignment when it stops exact domain impersonation? I think we can assume that nobody on this list thinks me using my own passing SPF and DKIM with sketchythreatactor.com and spoofing your header from isn’t what anyone means by pass in this context. If the effect can stop impersonation it’s ipso facto in alignment.
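
The distinction argued in this thread, as an added example (not written by any poster and not taken from a DMARC implementation): an aligned-pass check next to a separate cousin-domain heuristic, run over three constructed messages. Assumptions: the two-label `org_domain` shortcut stands in for a Public Suffix List lookup, and the function names, the 0.85 similarity threshold and the sample domains other than sketchythreatactor.com are hypothetical.

```python
from difflib import SequenceMatcher

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # derives it from the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_pass(from_domain, spf, dkim, strict=False):
    # spf / dkim are (result, authenticated_domain) pairs: the MAIL FROM domain
    # for SPF, the d= domain for DKIM. One aligned pass is sufficient.
    return any(result == "pass" and aligned(from_domain, dom, strict)
               for result, dom in (spf, dkim))

def lookalike_of(from_domain, protected, threshold=0.85):
    # Heuristic outside DMARC: the From domain resembles, but is not, the
    # protected domain (cousin domain or homoglyph in its Unicode form).
    cand = org_domain(from_domain)
    if cand == protected:
        return False
    return SequenceMatcher(None, cand, protected).ratio() >= threshold

# Constructed sample messages: (header From domain, SPF, DKIM)
CASES = {
    "spoofed From, sender's own SPF/DKIM": (
        "example.com", ("pass", "sketchythreatactor.com"),
        ("pass", "sketchythreatactor.com")),
    "cousin domain, fully authenticated": (
        "examp1e.com", ("pass", "examp1e.com"), ("pass", "examp1e.com")),
    "legitimate, DKIM signed by subdomain": (
        "example.com", ("fail", "bounce.esp.test"),
        ("pass", "mail.example.com")),
}

def evaluate(protected="example.com", strict=False):
    # Returns {case: (dmarc_pass, flagged_as_lookalike)}
    return {name: (dmarc_pass(f, spf, dkim, strict), lookalike_of(f, protected))
            for name, (f, spf, dkim) in CASES.items()}

if __name__ == "__main__":
    for name, (passed, lookalike) in evaluate().items():
        print(f"{name}: dmarc={'pass' if passed else 'fail'} "
              f"lookalike={lookalike}")
```

The cousin-domain message is the only one that both passes DMARC and is flagged by the similarity check, which is why that check has to live in a separate control.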