IETF Logo Mail Archive

Re: [dmarc-ietf] Email security beyond DMARC?

Dotzero <dotzero@gmail.com> Thu, 21 March 2019 13:36 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2295B13111E for <dmarc@ietfa.amsl.com>; Thu, 21 Mar 2019 06:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfdkEH5w4nyW for <dmarc@ietfa.amsl.com>; Thu, 21 Mar 2019 06:36:24 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 310EC131023 for <dmarc@ietf.org>; Thu, 21 Mar 2019 06:36:24 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id t124so2709004wma.4 for <dmarc@ietf.org>; Thu, 21 Mar 2019 06:36:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wiJnaf5e32y/q/z1dY2Tr041H5w4ZqjgKFdyH1vas1k=; b=IfR/OLl5shdBlvujXGChTUHtS8fse0T9e/DRJdfUnuPa4TaI3GVKlSgjYW6GrTEc2p mZa9nn4i6+nhtv+fH4vgJ9fVv6eaSQCeNv1+LEN8Cz0dr2SBdP7mt3Wb69FbNoyDsGFO usbkV+9noqjcMpDhOfZqbvJHSPlH4NJUjYg8VEHSkbonr+wbuiSWxRG6+0lUTmfMaj4A 0zRMD+hHjUiamhxSgn1kdDB7lYNG7B7C7Fhot6fAXlugZNDUWryz/Etkgua7f9JHZy5/ 6B45+Omy4FD2PUretbhzhyzPQxSfI0sPynm6io5n5DSbV+o74hWqpvrwEQs0opZuXk2b hNSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wiJnaf5e32y/q/z1dY2Tr041H5w4ZqjgKFdyH1vas1k=; b=ddfS/45KWzaPyAS3qm1iIGRrxKFjlWkJutvGLf/NIDID5qd8heKLsuQYnXKQMMIl+G h265M1ACOXyGRsSD4T9139iS+v+jOOhoPGzxVrrPWBSh4sS/WS1bGhcpu55R3zFO4MyM 6Bvqs5wKlXD+7hgscYM2uIPF9ON8KfhBOI3b/M29hhEbM4L9PkHK/QGoNm7UEbqwW8Md jCDfPwR11WKuGnjkAPzZCG8ykrRp3jPgDt/jVPRfinvUxnaPWEvrXOxY+dfG3MU5w0fi 1MoqNZ5l0MdRgvIZ8ot4HqgEBzfni4Kz7TTu67c0v8OeGo598yUkKub+F9src7FSPS3f 85Hw==
X-Gm-Message-State: APjAAAUvv/Edg7WlDcrcybWaIiUcnVYmsi/MyfyvbLfJEU10uGpLJ3ux ajTPBldaxYqha9ONpwvIsvpnTMDMJajjWYj+GlINRA==
X-Google-Smtp-Source: APXvYqw59aVGo4bVGMxuafy++0xO+k8NkLjBrinz+AgqsxNt8FlxjjUU2Ssx4ded+b1kG6VZ8tK22YPpreilTL2o8jM=
X-Received: by 2002:a1c:e143:: with SMTP id y64mr2456286wmg.141.1553175382679; Thu, 21 Mar 2019 06:36:22 -0700 (PDT)
MIME-Version: 1.0
References: <20190319184209.804E42010381DB@ary.qy> <alpine.DEB.2.20.1903201442260.7108@softronics.hoeneisen.ch> <alpine.OSX.2.21.1903201042010.79863@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1903201042010.79863@ary.qy>
From: Dotzero <dotzero@gmail.com>
Date: Thu, 21 Mar 2019 09:36:13 -0400
Message-ID: <CAJ4XoYcyaEBHYGPDY4ah_O+Obk-tijnL9SnxvzKyywu4BEmkrw@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f57dfa05849ad245"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kDLPw8-OT1_bwrVUMlDnPqXXZIs>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2019 13:36:36 -0000

On Wed, Mar 20, 2019 at 10:49 AM John R Levine <johnl@taugh.com> wrote:

>
> DMARC has never been an anti-spam scheme.  It's about phishing, which is
> not the same thing.
>

I'm going to have to disagree with you John. DMARC is about preventing
direct domain abuse. It does not specifically address phishing as the bad
guys can simply use cousin domains, homoglyphs, etc.

Michael Hammer

v2.23.0 | Report a Bug | By Email