RE: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

> -----Original Message-----
> From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Miles Fidelman
> Sent: Friday, April 18, 2014 5:12 PM
> Cc: ietf
> Subject: Re: DMARC from the perspective of the listadmin of a bunch of
> SMALL community lists
> 
> MH Michael Hammer (5304) wrote:
> >
> > MH: I’m going to disagree with Murray on the fact that it’s hurting
> > us, the company as the motivator, at least from my perspective. I see
> > it as preventing end users from getting hurt from this particular use
> > case (direct domain abuse). The further we (for some definition of we)
> > can push bad actors from reality (from the user’s perspective), the
> > less likely they are to fall for certain types of social engineering.
> > I would hypothesize that increased abuse of the type Yahoo has been
> > seeing may be in part due to increased difficulty on the part of
> > malicious individuals in abusing brands implementing DMARC with
> > p=reject. P to P mail becomes increasingly attractive and the use of
> > stolen address books or user email addresses and information from
> > stored messages can be used to improve the effectiveness of the social
> > engineer.
> >
> 
> At least from the perspective of our lists, and spam traps - abuse of
> stolen address books and such has been a much larger problem than email
> from forged addresses -- at least where Yahoo is concerned, our normal
> spam traps (spamassassin with lots of checks) caught (and continue to
> catch) most incoming spam -- EXCEPT for the stuff that comes from
> legitimate addresses.
> 
> I.e., botnets that have access to address books and legitimate login
> credentials have been the main problem we've seen.  At least so far,
> p=reject hasn't led to an increase in that.
> 

The assertion has been made that the mail abusing the stolen address books was being sent from places other than yahoo.com but claiming to be from compromiseduser@xxxxxxxxx. In this scenario p=reject would have an impact in mitigating that type of abuse for mailbox providers validating DMARC (notwithstanding the damage done to mailing lists and other 3rd parties).

Mike
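
The three cases raised in this exchange, as an added example that is not part of the original message: a receiver-side DMARC check with relaxed identifier alignment, applied to constructed messages. The domains example.net and example.org, the sample results, and the two-label organizational-domain shortcut are assumptions; real validators use the Public Suffix List.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels.
    # Real validators derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

@dataclass
class Message:
    header_from: str  # domain of the visible From: address
    spf_pass: bool    # SPF result for the envelope sender
    mail_from: str    # envelope sender (MAIL FROM) domain checked by SPF
    dkim_pass: bool   # did a DKIM signature verify?
    dkim_d: str       # d= domain of that signature ("" if none)

def dmarc_disposition(msg: Message, policy: str) -> str:
    """Return 'pass', or the domain owner's policy when both checks fail."""
    author = org_domain(msg.header_from)
    spf_aligned = msg.spf_pass and org_domain(msg.mail_from) == author
    dkim_aligned = (msg.dkim_pass and bool(msg.dkim_d)
                    and org_domain(msg.dkim_d) == author)
    return "pass" if (spf_aligned or dkim_aligned) else policy

# Constructed samples, one per case discussed in the thread.
SAMPLES = {
    # Botnet using legitimate login credentials: mail leaves via the provider.
    "compromised account, sent through provider":
        Message("yahoo.com", True, "yahoo.com", True, "yahoo.com"),
    # Stolen address book used from another network: SPF passes only for
    # the sender's own envelope domain, and there is no aligned signature.
    "stolen address book, sent from elsewhere":
        Message("yahoo.com", True, "bulk.example.net", False, ""),
    # List repost: the list's envelope domain passes SPF but is not aligned,
    # and the author's DKIM signature no longer verifies after modification.
    "mailing list repost, DKIM broken":
        Message("yahoo.com", True, "lists.example.org", False, "yahoo.com"),
}

def evaluate_all(policy: str = "reject") -> dict:
    return {name: dmarc_disposition(m, policy) for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{result:7} {name}")
```

The check cannot tell the second and third cases apart, which is the collateral effect on lists, and it passes the first case because that mail really does originate from the author's domain.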
