Re: [dmarc-ietf] the endless mailing list silliness, was not about outsourcing strategies

"J. Gomez" <jgomez@seryrich.com> Thu, 18 April 2013 21:15 UTC

Murray S. Kucherawy wrote:

> On Tue, Apr 16, 2013 at 2:47 PM, J. Gomez <jgomez@seryrich.com> wrote:
> 
> > How widespread do you think that this not following DMARC's
> > "p=reject" to the letter could become when DMARC is (if at all)
> > massively deployed in the field?  
> 
> Hopefully every receiver also gets what those sections actually say
> and not your ultra-strict interpretation. 
> 
> > Don't you see here a potential vulnerability in DMARC, not in the
> > letter of the standard but on how it may be implemented in the field,
> > therefore opening a door for phishing email to sneak past "p=reject"?
> 
> No.

Time will tell.

Right now, you can get email that fails DMARC to land in the user's mailbox in Gmail just by inserting the right amount of list-related fake headers...

Regards,

J. Gomez