--On Sunday, April 13, 2014 23:28 -0400 John R Levine
<johnl@xxxxxxxxx> wrote:
>>> Yes, that's the 1980s percent hack.
>
>> intended recipient. While a bit inefficient -- and probably
>> will emerge as an attack vector (sigh) -- it's a plausible
>> mechanism.
>
> Right -- something is seriously wrong with DMARC as used if we
> need to invent new phish syntaxes to work around it.
Sadly, there are a non-trivial number of MTA installations whose
implementers or operators, having discovered that they had not
seen a legitimate use of the percent hack in years, decided that
they were about as likely to appear in legitimate messages as
source routing and dealt with them accordingly. Put more
simply, a "%" in a local-part may be least as likely to get a
message rejected or dumped as a badly specified DMARC record, so
the one is really not a very good cure for the other.
john