MH Michael Hammer (5304) wrote:
MH: I’m going to disagree with Murray on the fact that it’s hurting us, the company as the motivator, at least from my perspective. I see it as preventing end users from getting hurt from this particular use case (direct domain abuse). The further we (for some definition of we) can push bad actors from reality (from the users’ perspective), the less likely they are to fall for certain types of social engineering. I would hypothesize that increased abuse of the type Yahoo has been seeing may be in part due to increased difficulty on the part of malicious individuals in abusing brands implementing DMARC with p=reject. P to P mail becomes increasingly attractive and the use of stolen address books or user email addresses and information from stored messages can be used to improve the effectiveness of the social engineer.
At least from the perspective of our lists, and spam traps - abuse of stolen address books and such has been a much larger problem than email from forged addresses -- at least where Yahoo is concerned, our normal spam traps (spamassassin with lots of checks) caught (and continue to catch) most incoming spam -- EXCEPT for the stuff that comes from legitimate addresses.
I.e., botnets that have access to address books and legitimate login credentials have been the main problem we've seen. At least so far, p=reject hasn't led to an increase in that.
Miles Fidelman
--
In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra