On 19/04/2014 03:20, Murray S. Kucherawy wrote:
...
> One of the key points about DMARC's design is that it's concerned
> specifically with From:. The reason is that the content of From: is what's
> typically shown to the recipient by MUAs. If DMARC keyed off Sender:
> instead, then this would work:
>
> MAIL FROM: haha@xxxxxxxxxxxxxxxxxx
>
> From: security@xxxxxxxxxx
> Sender: haha@xxxxxxxxxxxxxxxxxx
> DKIM-Signature: v=1; d=badguy.example.com; ...
So, if the From says
From: goodguy@xxxxxxxxx <haha@xxxxxxxxxxxxxxxxxx>
many UAs would show only goodguy@xxxxxxxxx as the sender,
but badguy could have passed DMARC, no?
This would not exactly enhance goodguy's reputation,
or Yahoo's for that matter. I realise it isn't the exploit
that Yahoo is trying to stop, but it suggests to me that
DMARC is only plugging one small hole in a very leaky dam.
Brian