On 04/14/2014 07:53 PM, Murray S.
Kucherawy wrote:
This might have been true if: 1. Yahoo _did_ solve the abuse problem and 2. the decision making process within a closed industry consortium with maybe less than 20 members, representing immense commercial power, could be compared to the process of consensus, that's being used within IETF. Ad 1. Yahoo only solved some of the problem, for some time and only for themselves. But we have seen that bad guys have adapted faster than anyone else to new technologies: - 90% of all mail agents show the display-name in the From field and with the current move towards mobile devices this percentage will likely further increase; - Yahoo doesn't use the From:From construct to enable receivers to detect use of multiple From: fields; - developments like EAI will help bad guys to find lookalike domains/cousin domains [1], [2] Ad 2. I assume this doesn't need further explanation. /rolf [1] http://www.ietf.org/mail-archive/web/dmarc/current/msg00370.html [2] http://en.wikipedia.org/wiki/IDN_homograph_attack |