Murray S. Kucherawy writes:
> On Fri, Jul 7, 2023 at 6:35 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
>
> Consequently, the problem remains: How does an evaluator distinguish
> between a legitimate list and a malicious attack?
>
> If we had a reliable answer to that, this would've been over ages ago.
> Unfortunately, any mechanism we create for lists to distinguish their traffic
> can be trivially co-opted by bad actors.

I think phishing attacks using mailing list format would not be as efficient as it would be to impersonate some other user that the intended recipient is familiar with.

Mailing lists are also something that quite a lot of people already have special filters for, i.e., direct them to a separate mailbox, allow them to go through without spam checking etc.

For mailing lists users actually joined willingly, the users are familiar with them and have the ability to cope. If it is a mailing list they got added to without their real consent, then if some of those messages get lost because they are run through spam filtering and get some extra spam points because of no DKIM signature etc., the user probably does not care even if they are thrown away.

The problem with DMARC checking is that it is usually done too early, and without consulting the intended recipient's whitelist/policy etc. Users can't add rules that say that mailing lists having a DKIM signature of header.d=ietf.org are ok, and should get through even when the DMARC checks fail.

--
kivi...@iki.fi
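
A delivery-time check of the kind the message above says users cannot add today, written as an added example (not part of the original post, and not any mail system's own code). It assumes the border MTA records its verdicts in an Authentication-Results header (RFC 8601) instead of rejecting on DMARC failure; the authserv-id `mx.recipient.example`, the action names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.recipient.example"  # assumption: our own border MTA

def parse_auth_results(value):
    """Split one Authentication-Results value into (authserv_id, results)."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop comments like (p=reject)
    parts = [p.split() for p in value.split(";")]
    authserv_id = parts[0][0].lower() if parts[0] else ""
    results = []
    for tokens in parts[1:]:
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].lower().split("=", 1)
        props = dict(t.lower().split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method, result, props))
    return authserv_id, results

def delivery_decision(raw_message, allowed_list_domains):
    """Consult the recipient's allowlist of list DKIM domains after DMARC ran.
    The returned action names are hypothetical."""
    dmarc, passing_dkim = "none", set()
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(header)
        if authserv_id != TRUSTED_AUTHSERV_ID:
            continue  # results claimed by anyone else are not evidence
        for method, result, props in results:
            if method == "dmarc":
                dmarc = result
            elif method == "dkim" and result == "pass" and "header.d" in props:
                passing_dkim.add(props["header.d"])
    if dmarc != "fail":
        return "deliver"
    if passing_dkim & set(allowed_list_domains):
        return "deliver-to-list-folder"  # recipient opted in to this list
    return "quarantine"

# Constructed samples: a list post re-signed by the list, and a forged header.
LIST_MSG = (
    "Authentication-Results: mx.recipient.example;\n"
    " dkim=pass header.d=ietf.org; dkim=fail header.d=author.example;\n"
    " dmarc=fail (p=reject) header.from=author.example\n"
    "From: someone@author.example\n\nbody\n")
SPOOF_MSG = (
    "Authentication-Results: mx.other.example; dkim=pass header.d=ietf.org\n"
    "Authentication-Results: mx.recipient.example;\n"
    " dmarc=fail header.from=author.example\n"
    "From: someone@author.example\n\nbody\n")
```

The override keys on a DKIM pass verified by the recipient's own MTA, so a message that merely claims to come from the list, or carries someone else's results header, still falls through to quarantine.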