In message <CAH48ZfxMZzu0YoVOOGgBrhNMMcrZcArpM=ygg7brz5fum1x...@mail.gmail.com>, Douglas Foster <dougfoster.emailstanda...@gmail.com> writes
> I am surprised at the lack of feedback about Barry's research link.
> It is a devastating attack on our ability to trust SPF when
> shared infrastructure is involved.

Those of us who look at email logs (at scale) have long been aware that major brands with shared infrastructure SPF settings can be trivially spoofed (and what's more they ARE trivially spoofed pretty much all the time).

Since there are lots of other ways of constructing convincing phish (you only really need a good Subject header field and the right logo) it is just one approach for the bad guys among many.

> As a result of that document, I
> have switched camps and believe that we MUST provide a DKIM-only
> option for DMARC.

When this last came up the people who like SPF argued that the fix was for people to set their SPF records so that they did not actually count towards a DMARC pass (using the ? mechanism) -- and they seemed to carry the day (or we all just got too tired to argue for something simpler).

> The proposed workaround, of using a "?" modifier to force SPF
> Neutral instead of Pass, seems to lack both awareness and
> implementation, since it was not even mentioned in the research
> document as a mitigation.

I'm assuming that when I have time to read the latest version of the document then that will have been written down so as to guide people. If not then that should be fixed ASAP.

But I'm not surprised that the researchers had not come across it, or if they did they did not understand exactly what it did -- you may recall that I did not either first time around.

-- 
richard

Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
Benjamin Franklin

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
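The following is an added illustration, not part of the thread above and not code from any DMARC participant: a deliberately minimal SPF/DMARC evaluator (ip4, include and all mechanisms only, a small subset of RFC 7208) run against a constructed in-memory zone. The domains, IP ranges and records are all made up for the example. It shows the mechanism the reply refers to: with a plain `include:` of a shared provider, any tenant of that provider sending from the shared netblock obtains SPF pass and, with an aligned MAIL FROM, a DMARC pass without DKIM; with `?include:` the same message evaluates to SPF neutral, so DMARC can only pass via an aligned DKIM signature.

```python
import ipaddress

# Constructed in-memory "DNS" with SPF TXT records for hypothetical domains.
# brand.example includes the shared provider with the default "+" qualifier;
# brand-fixed.example uses the "?" qualifier discussed on the list.
ZONE = {
    "shared-provider.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "brand.example": "v=spf1 ip4:198.51.100.10 include:shared-provider.example -all",
    "brand-fixed.example": "v=spf1 ip4:198.51.100.10 ?include:shared-provider.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip: str, domain: str, depth: int = 0) -> str:
    """Simplified SPF check: evaluates ip4, include and all, left to right."""
    if depth > 10:  # RFC 7208 limits DNS-querying terms; keep recursion bounded
        return "permerror"
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech == "all":
            return QUALIFIERS[qualifier]
        name, _, arg = mech.partition(":")
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        # An include "matches" only when the included record yields pass, and
        # the result is then taken from the include term's own qualifier.
        # This is why "?include:" turns a shared-provider pass into neutral.
        if name == "include" and check_spf(ip, arg, depth + 1) == "pass":
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no explicit all


def org_domain(domain: str) -> str:
    """Crude organisational-domain approximation (last two labels) for relaxed alignment."""
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_spf_aligned(spf_result: str, mail_from_domain: str, from_domain: str) -> bool:
    """DMARC only credits SPF when the result is exactly pass AND the identifiers align."""
    return spf_result == "pass" and org_domain(mail_from_domain) == org_domain(from_domain)


def dmarc_result(ip: str, mail_from_domain: str, from_domain: str, dkim_aligned_pass: bool) -> dict:
    """Combine the SPF leg with an (assumed) DKIM alignment verdict into a DMARC result."""
    spf = check_spf(ip, mail_from_domain)
    spf_aligned = dmarc_spf_aligned(spf, mail_from_domain, from_domain)
    return {
        "spf": spf,
        "spf_aligned": spf_aligned,
        "dmarc": "pass" if (spf_aligned or dkim_aligned_pass) else "fail",
    }


if __name__ == "__main__":
    # Another tenant of the shared provider (constructed IP inside its netblock)
    # sends with the brand's domain in MAIL FROM and From:, with no DKIM signature.
    tenant_ip = "203.0.113.55"
    for d in ("brand.example", "brand-fixed.example"):
        print(d, dmarc_result(tenant_ip, d, d, dkim_aligned_pass=False))
    # The brand's own dedicated sender still passes under the "?" record.
    print("own host", dmarc_result("198.51.100.10", "brand-fixed.example", "brand-fixed.example", False))
```

Running it prints a DMARC pass for `brand.example` and a DMARC fail for `brand-fixed.example` on the tenant-sent message, while the brand's own dedicated host passes under both records. The practical check for an operator is therefore: for every `include:` that resolves to infrastructure other tenants can also send from, either prefix it with `?` (and rely on DKIM for DMARC) or accept that SPF-based DMARC pass is obtainable by those tenants.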