In message <CAH48ZfyQzzoKkefEm9M7AQfLAxM+WcanPrzB_xMxRMu-czy...@mail.gmail.com>,
Douglas Foster <dougfoster.emailstandards@gmail.com> writes

> The coverage problem is aggravated if we assume rational attackers.
> With a plethora of domains available for impersonation, attackers
> are least likely to use domains that are protected with p=reject.

you have grasped it ... the rational attackers do not impersonate the
protected domains, and the irrational attackers are blocked when they
do; hence the domain is protected and users are not misled

> Therefore the reference model implementation protects an evaluator
> where attacks are least likely, and fails to protect an evaluator
> where attacks are most likely.

however DMARC protects end users who might act on emails that were
spoofed to be from the domain that has been protected

Ian Levy (then of NCSC here in the UK) in "Active Cyber Defence - One
Year On" reported

    We have seen the number of messages spoofed from an @gov.uk address
    (for example, taxref...@gov.uk) fall consistently over 2017,
    suggesting that criminals are moving away from using them as fewer
    and fewer of them are delivered to end users.

    Across the 555 public sector email domains reporting to Mail Check,
    we are seeing an average of 44.1 million messages a month which
    fail verification, with a peak of 78.8 million in June. Of those,
    an average of 4.5 million are not delivered to the end users. The
    peak in June saw 30.3 million spoofed messages not delivered to end
    users.

from which you will see that there were a number of irrational
attackers, but that the rational ones now found their task harder

-- 
richard                                              Richard Clayton

Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
Benjamin Franklin 11 Nov 1755