Re: DMARC: perspectives from a listadmin of large open-source lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Sunday, April 13, 2014 23:28 -0400 John R Levine
<johnl@xxxxxxxxx> wrote:

>>> Yes, that's the 1980s percent hack.
> 
>> intended recipient.  While a bit inefficient -- and probably
>> will emerge as  an attack vector (sigh) -- it's a plausible
>> mechanism.
> 
> Right -- something is seriously wrong with DMARC as used if we
> need to invent new phish syntaxes to work around it.

Sadly, there are a non-trivial number of MTA installations whose
implementers or operators, having discovered that they had not
seen a legitimate use of the percent hack in years, decided that
they were about as likely to appear in legitimate messages as
source routing and dealt with them accordingly.  Put more
simply, a "%" in a local-part may be least as likely to get a
message rejected or dumped as a badly specified DMARC record, so
the one is really not a very good cure for the other.

    john







[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]