Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Laura Atkins <laura@wordtothewise.com> Wed, 19 August 2020 09:27 UTC

To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zaVM4Fzi1mg_HgeIe5goDZA5HaY>


> On 19 Aug 2020, at 00:21, Brandon Long <blong=40google.com@dmarc.ietf.org> wrote:
> 
> 
> 
> On Mon, Aug 17, 2020 at 5:22 AM Laura Atkins <laura@wordtothewise.com> wrote:
> 
> 
>> On 17 Aug 2020, at 12:25, Alessandro Vesely <vesely@tana.it> wrote:
>> 
>> On Mon 17/Aug/2020 11:46:55 +0200 Laura Atkins wrote:
>>> 
>>> The forum page is off the FTC website, but the document links are 
>>> still accessible:
>> 
>> 
>> A copy is here:
>> https://web.archive.org/web/20120603201012/https://www.ftc.gov/bcp/workshops/e-authentication/
>> 
>> A sentence says:
>> 
>>    The Report, however, identified domain-level authentication as a
>>    promising technological development that would enable Internet
>>    Service Providers (“ISPs”) and other domain holders to better
>>    filter spam, and that would provide law enforcement with a potent
>>    tool for locating and identifying spammers.
> 
> And, 17 years on, we know that domain level authentication doesn’t actually help filter spam nor does it provide law enforcement with a potent tool for locating and identifying spammers. It was promising, it didn’t live up to the promise. 
> 
> I don't understand this.  Virtually every spam rule we write these days depends on information attached to the domain level authentication of an email message.

I was thinking more that simply adding authentication doesn’t do anything to identify spam vs. not-spam. Authentication gives you a valid identifier to hang a reputation on, but spammers are great at implementing authentication.

> I mean, it's not some simple binary thing, but it also very clearly helps us filter spam.

You are correct and I wasn’t thinking. 

> We know, now, that turning on domain level protection does not stop phishing attacks against that company. It stops direct spoofing of the domain, but the phishers simply use a completely different domain. Just this weekend I got a PayPal phish. PayPal, who helped invent DMARC, are still getting spoofed and phished. Sure, the phishers aren’t using the paypal.com domain, but that doesn’t seem to have any effect on their success at stealing money from people.
> 
> Do we have stats on that?

Stats, no. But the fact that they’re still doing it tells me it still works. If it wasn’t making them some level of money, they’d move on to something else. 

> I know that we've increased our resources towards anti-phishing over the years, so there's no apples to apples comparison here, and it would be hard to tease out the specifics anyways... but we've certainly had success in catching more of it.

No argument here. But as much of the world’s email as you handle, you don’t handle all of it. And I have spoken with some of the less savory end of mailers who actively avoid mailing your network and target folks outside of it.

laura 


-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
laura@wordtothewise.com
(650) 437-0741		

Email Delivery Blog: https://wordtothewise.com/blog