IETF Logo Mail Archive

Re: [dmarc-ietf] cousin domain definition (was Re: Fwd: Eliot's review of the DMARC spec)

Dave Crocker <dcrocker@gmail.com> Sat, 06 July 2013 19:20 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B55721F9A30 for <dmarc@ietfa.amsl.com>; Sat, 6 Jul 2013 12:20:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ltRTStzaauU for <dmarc@ietfa.amsl.com>; Sat, 6 Jul 2013 12:20:35 -0700 (PDT)
Received: from mail-oa0-x236.google.com (mail-oa0-x236.google.com [IPv6:2607:f8b0:4003:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id 386C821F9A31 for <dmarc@ietf.org>; Sat, 6 Jul 2013 12:20:31 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id o6so4817297oag.27 for <dmarc@ietf.org>; Sat, 06 Jul 2013 12:20:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=1gz0YovbKt0pzK1HnBuTJgT/iwTbyWBPjF3VUnFuetA=; b=t+Fuo9qOElD87fYDDx4bPElL/NjQw5zuNKKWUWO2kjJpnT5Xxdbu6Lr/52p86ovJ5z aaBSE/Zd+xkG9tu7EbmkJOpD+Zs4qj7V7xEmGlcNyc+jDyHGOPYpjSOmngX+NmZu0uOp o3c6z7ssewk0D9WShL3cPn+Bu+6sDdEIuwdSCmL2PnRu7dV53UDW9SyjYyOlblGC3/QA 52k0QP4mwJ0wRErpkMvUmugCD/nNo1uH9szfVXCqFLoX9rDEm01mWp3nXekfxAFEPULL v8Nq0bAuklqCxcSbZoRbOjZcxw+gH/SAhCMffptd8lRTsq58eFQWEf/pNSRmFDIKgdw/ yHTQ==
X-Received: by 10.182.129.101 with SMTP id nv5mr15763892obb.56.1373138429806; Sat, 06 Jul 2013 12:20:29 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net. [76.218.9.215]) by mx.google.com with ESMTPSA id r4sm24300892oem.3.2013.07.06.12.20.28 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 06 Jul 2013 12:20:29 -0700 (PDT)
Message-ID: <51D86DE8.8060103@gmail.com>
Date: Sat, 06 Jul 2013 12:20:08 -0700
From: Dave Crocker <dcrocker@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Matt Simerson <matt@tnpi.net>
References: <519B47DC.20008@cisco.com> <CAL0qLwYZOp1FNVSAmzXYkZG_O3Yv+EQrAKKLpRiE5svcOMamTA@mail.gmail.com> <6.2.5.6.2.20130523002139.0da7ac58@resistor.net> <CAL0qLwYT6BS=HGLX1-u80aqaJWefipT5tcg5Ut_549y4rOej9g@mail.gmail.com> <51D858EB.3030202@gmail.com> <BD1F96A6-2D86-4FE7-89CC-E52CA32670D0@tnpi.net> <51D864EC.1040105@gmail.com> <EE6EA5CF-7D73-4952-A65A-736251B3811A@tnpi.net>
In-Reply-To: <EE6EA5CF-7D73-4952-A65A-736251B3811A@tnpi.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: SM <sm@resistor.net>, "dmarc@ietf.org" <dmarc@ietf.org>, "Murray S. Kucherawy" <superuser@gmail.com>, Eliot Lear <lear@cisco.com>
Subject: Re: [dmarc-ietf] cousin domain definition (was Re: Fwd: Eliot's review of the DMARC spec)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2013 19:20:36 -0000

On 7/6/2013 12:01 PM, Matt Simerson wrote:
> Why not remove the domain familiarity part entirely? The essence of a cousin domain is not in the victims familiarity with the target domain name (which is less common than technophiles would hope) but in the victims familiarity with the organizational name in the domain.


well, /that's/ an interesting point.

comments?

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.14.0 | Report a Bug | By Email