MH Michael Hammer (5304) wrote:
-----Original Message-----
From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Miles Fidelman
Sent: Friday, April 18, 2014 5:12 PM
Cc: ietf
Subject: Re: DMARC from the perspective of the listadmin of a bunch of
SMALL community lists
MH Michael Hammer (5304) wrote:
MH: I’m going to disagree with Murray on the fact that it’s hurting
us, the company as the motivator, at least from my perspective. I see
it as preventing end users from getting hurt from this particular use
case (direct domain abuse). The further we (for some definition of we)
can push bad actors from reality (from the user's perspective), the
less likely they are to fall for certain types of social engineering.
I would hypothesize that increased abuse of the type Yahoo has been
seeing may be in part due to increased difficulty on the part of
malicious individuals in abusing brands implementing DMARC with
p=reject. P to P mail becomes increasingly attractive and the use of
stolen address books or user email addresses and information from
stored messages can be used to improve the effectiveness of the social
engineer.
At least from the perspective of our lists, and spam traps - abuse of
stolen address books and such has been a much larger problem than email
from forged addresses -- at least where Yahoo is concerned, our normal
spam traps (spamassassin with lots of checks) caught (and continue to
catch) most incoming spam -- EXCEPT for the stuff that comes from
legitimate addresses.
I.e., botnets that have access to address books and legitimate login
credentials have been the main problem we've seen. At least so far,
p=reject hasn't led to an increase in that.
The assertion has been made that the mail abusing the stolen address books was being sent from places other than yahoo.com but claiming to be from compromiseduser@xxxxxxxxx. In this scenario p=reject would have an impact in mitigating that type of abuse for mailbox providers validating DMARC (notwithstanding the damage done to mailing lists and other 3rd parties).
All I can report is what I see in our logs, and after-the-fact analysis
of mail that has actually made it onto the lists we run.
Miles
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
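
The three cases raised in this thread, run through a simplified DMARC check. This is an added example, not part of the original messages; `provider.example` and the other domains are constructed placeholders, and the two-label organizational-domain shortcut is an assumption standing in for a Public Suffix List lookup.

```python
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    # Assumption: the last two labels approximate the organizational domain.
    # A real validator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    header_from: str   # domain in the From: header the user sees
    spf_pass: bool     # did SPF pass for the envelope sender domain?
    spf_domain: str    # envelope sender (MAIL FROM) domain
    dkim_pass: bool    # did a DKIM signature verify?
    dkim_domain: str   # d= of that signature, "" if unsigned


def dmarc_disposition(msg: Message, policy: str) -> str:
    """Return 'pass', or the published policy applied on failure
    ('reject', 'quarantine', 'none'), using relaxed alignment."""
    from_org = org_domain(msg.header_from)
    spf_aligned = msg.spf_pass and org_domain(msg.spf_domain) == from_org
    dkim_aligned = (msg.dkim_pass and bool(msg.dkim_domain)
                    and org_domain(msg.dkim_domain) == from_org)
    if spf_aligned or dkim_aligned:
        return "pass"
    return policy if policy in ("reject", "quarantine") else "none"


# Constructed sample messages, all claiming From: user@provider.example.
CASES = {
    # Stolen address book, sent from elsewhere: SPF passes only for the
    # sender's own envelope domain, so nothing aligns with the From: domain.
    "forged_elsewhere": Message("provider.example", True, "bot.isp.example", False, ""),
    # Stolen login credentials, sent through the provider itself: fully aligned.
    "compromised_login": Message("provider.example", True, "provider.example",
                                 True, "provider.example"),
    # Mailing list resend: list envelope domain, and the author's DKIM
    # signature no longer verifies after the list modified the message.
    "list_relay": Message("provider.example", True, "lists.community.example",
                          False, "provider.example"),
}


def evaluate_all(policy: str) -> dict:
    return {name: dmarc_disposition(m, policy) for name, m in CASES.items()}


if __name__ == "__main__":
    for name, result in evaluate_all("reject").items():
        print(f"{name:18} -> {result}")
```

Under `p=reject`, mail sent with stolen credentials through the provider still passes, while the list resend is rejected exactly like the forgery.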