Re: [dmarc-ietf] Sender vs From Addresses

Dave Crocker <dcrocker@gmail.com> Wed, 24 March 2021 13:55 UTC

To: Ken O'Driscoll <ken=40wemonitoremail.com@dmarc.ietf.org>, Charles Gregory <Charles@possumdelight.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
References: <6cacad89cb2049858938fce107d60dd9@possumdelight.com> <VI1PR01MB7053E1ED6ED09791428D6EE4C7639@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <bb7becab-4d1c-a952-80a9-22d4f1493e39@gmail.com>
Date: Wed, 24 Mar 2021 06:55:18 -0700
In-Reply-To: <VI1PR01MB7053E1ED6ED09791428D6EE4C7639@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Vz-WmtBy9-zJ5BYTS2LVdgY145Y>
Subject: Re: [dmarc-ietf] Sender vs From Addresses

On 3/24/2021 4:54 AM, Ken O'Driscoll wrote:
> DMARC is intended to prevent unauthorised use of a domain name in the
> 5322.From header. This header was chosen because it is displayed in
> MUAs and is the target of spoofing attempts in phishing campaigns.

It was also chosen because it is the only identification field that is 
always present.

As for display to the user, there is no evidence that validating the field
has any effect on end-user susceptibility to phishing. It seems natural
that it would; however, in fact there is evidence that it doesn't.
Still, the belief that it does persists.


d/

-- 
Dave Crocker
dcrocker@gmail.com
408.329.0791

Volunteer, Silicon Valley Chapter
Information & Planning Coordinator
American Red Cross
dave.crocker2@redcross.org