Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Alessandro Vesely <vesely@tana.it> Sun, 16 August 2020 10:15 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D4383A0B29 for <dmarc@ietfa.amsl.com>; Sun, 16 Aug 2020 03:15:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.047
X-Spam-Level:
X-Spam-Status: No, score=-3.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.949, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tyrfyZRtwf1K for <dmarc@ietfa.amsl.com>; Sun, 16 Aug 2020 03:15:09 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DC2A3A0B23 for <dmarc@ietf.org>; Sun, 16 Aug 2020 03:15:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1597572905; bh=oPwI+trL2d65QvaPPufJSMbOVLU0D1ctpV2wK+LBrP4=; l=1000; h=To:References:From:Date:In-Reply-To; b=BBjl3UyzfNWmPY8iXQMVYATo9ap7Vn5pYIIEFCffcX74tILWKiT3Hp7bco2ocVX/P PzJ8VcoGEZUtIqiCg5YmHB2d1UR7Y4PHTf4seaqKjXeVb6AJkuqhYpQkig5fVya3yx +qnc0ib9jqtVXbXZEfB6T4fikZQCGar7vPJrqepM/AGBASU83CUvYfGeGu8oT
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [192.168.1.102] ([5.170.69.62]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC08B.000000005F390729.0000161E; Sun, 16 Aug 2020 12:15:05 +0200
To: dmarc@ietf.org
References: <20200816021856.9FADE1E9EE5F@ary.local>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <93f9236b-7b61-2466-8076-4b6f25bdb823@tana.it>
Date: Sun, 16 Aug 2020 12:15:03 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200816021856.9FADE1E9EE5F@ary.local>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/jOhQHcFvBJlAfYf6uUpvuH-oRdE>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Aug 2020 10:15:11 -0000
On Sun 16/Aug/2020 04:18:56 +0200 John Levine wrote: > In article <c45b61d902e04be48abe3a4bede67692@bayviewphysicians.com> you write: > >> This morning I had a conversation with the CEO of a company that >> was hit by ransomware which arrived with the help of a single >> email. He is slowly getting his company back after paying a lot >> of money to people who want to destroy us. > > I think you would be dismayed how little of that would be stopped > by more stringent DMARC policies. They use lookalike addresses, or > they depend on MUAs that show the From header comments rather than > the addresses. I once saw a very slick spear phish where the crook > registered the victim's domain name substituting "rn" for "m". Lookalike domains are also being addressed by browser developers. It is the obvious next-thing-to-do. Those algorithms could be ported to MUAs, except that it's pretty useless to seal the windows when the roof is still under construction. Best Ale --
- [dmarc-ietf] Call for Adoption: DMARC Use of the … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Joseph Brennan
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Rolf E. Sonneveld
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … David I
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … ned+dmarc
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] I Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] Objections to Sender header as overr… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Murray S. Kucherawy
- Re: [dmarc-ietf] Objections to Sender header as o… Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jesse Thompson
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Vittorio Bertola
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… Jesse Thompson