Re: [dmarc-ietf] attack on reports

Michael Thomas <mike@mtcc.com> Tue, 26 January 2021 21:24 UTC

To: dmarc@ietf.org
References: <c049495f-faa2-c5f0-3e0a-7d8d86150568@mtcc.com> <aab313ee-4453-d97c-65ad-2a02d543c66c@tana.it> <24e8da5d-e306-7207-bb8f-74d44e4c5eaf@mtcc.com> <CAHej_8kS7hHR70LdcktuEtm08FyjsmqV17wHq21MdT=eNspCGw@mail.gmail.com> <f8f77f85-a2ae-3fb3-acb4-70d14a9da0f4@mtcc.com> <CAHej_8nZu3Fgj1=V8aQnho7LEc0Y12KfXa8b+xxXVDzDqe8Bxg@mail.gmail.com> <d181379e-8a3d-2865-53ca-709f679945ac@mtcc.com> <CAPyMsDi_tVK7j_HjpAfLEcy=xCDPR4kPZs-5MOFVkQSgCjwsuQ@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <3624ea12-b3cf-a8fe-9b4b-442931eaa080@mtcc.com>
Date: Tue, 26 Jan 2021 13:24:21 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Yd6s-9yzQoE6C5j2LT45j9KUvF0>
Subject: Re: [dmarc-ietf] attack on reports

On 1/26/21 12:41 PM, Matt V wrote:
> On Tue, Jan 26, 2021 at 3:17 PM Michael Thomas <mike@mtcc.com> wrote:
>
>     How do I know when I'm done though if I don't know the IP
>     addresses who send on my behalf? Is it an actual forgery or is it
>     Marsha in marketing using an outsourced email blaster?
>
>
> This is solved with conversation with the relevant stakeholders in the 
> organization from IT, Marketing, PR, etc... along with security and 
> brand policies being enforced.
>
> Ultimately only approved and official email sources will be 
> authenticated - random sales/marketing people don't get to make those 
> types of decisions on the day-to-day. You want an exemption for your 
> support/marketing tools you need to get it cleared, vetted and 
> properly authenticated to play.
>
> This is how most large companies resolve this issue.
>
>
I worked for a large company and that is much easier said than done 
having attempted to do so before the reporting was a twinkle in 
anybody's eye. Hence the low uptake of DMARC. Having to know all of the 
IP addresses that are legitimate senders for your domain is daunting for 
a large enterprise.

Mike