On Fri, Apr 18, 2014 at 1:47 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
So, if the From says
From: goodguy@xxxxxxxxx <haha@xxxxxxxxxxxxxxxxxx>
many UAs would show only goodguy@xxxxxxxxx as the sender,
but badguy could have passed DMARC, no?
This would not exactly enhance goodguy's reputation,
or Yahoo's for that matter. I realise it isn't the exploit
that Yahoo is trying to stop, but it suggests to me that
DMARC is only plugging one small hole in a very leaky dam.
Yes indeed. The DMARC base document discusses this already, by admitting it's not a problem DMARC can solve right away:
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-17.4
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-17.4
It's also something that was brought up as a proposed work item for the IETF.
-MSK