Re: Google threatens to break Gmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>Which suggests that DMARC status is pretty much orthogonal to spam detection,
>on this small sample.

DMARC has very little to do with spam detection.  Its original purpose
is to deter phishing of famous brands, of which paypal is the poster
child.  It works pretty well for that, since those organizations tend
to send all of their mail from a few places they control and (other
than Linkedin which is no great loss) the staff members who are on
mailing lists use addresses in other domains.

Last year AOL and Yahoo repurposed it after they each separately
allowed crooks to steal their users' address books, so AOL and Yahoo
users were getting spam from the AOL and Yahoo addresses of people
they knew, sent from outside AOL and Yahoo.  So AOL and then Yahoo
turned DMARC on, which was quite effective at stopping that particular
flavor of spam, but in the process forcing the costs of their security
failures on everyone else.

R's,
John

PS: To the obvious question of why don't crooks phish paypal from
lookalike domains, they do, but a remarkable number of them still use
the exact domain.  Partly that's because it's easier, partly because
if the exact address gets through, it can match entries in the
recipients' address books and get displayed in ways that makes it look
more credible.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]