Re: dmarc damage, was gmail users read on... [bozo subtopic]
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 12 September 2014 14:16 UTC
Date: Fri, 12 Sep 2014 14:16:30 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
Message-ID: <20140912141630.GF26920@mournblade.imrryr.org>
References: <20140911202058.3327.qmail@joyce.lan> <541208F6.1010302@dougbarton.us> <bb48b8f170074ddeb25cbb213f613892@DM2PR0301MB0655.namprd03.prod.outlook.com> <20140912132742.GA5035@thunk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20140912132742.GA5035@thunk.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/HKkWgJrZxasPs480XqmA-WcDQ_Q
On Fri, Sep 12, 2014 at 09:27:42AM -0400, Theodore Ts'o wrote:

> But unfortunately, once the UI recognizes this case, would we not be
> imposing harm vis-a-vis phishing in particular? And then DMARC Mark
> II (as it were) would have to prohibit the wrapping and require a wrap
> of a wrap, etc.
>
> There's no way of winning this. But if we are going to go down this
> path, it would be useful to discuss what the UI would look at that
> meets the needs of mailing lists, but without potential harm of
> phishing.

Right, there's no way to win against phishing with narrow technical counter-measures. Phishing is not an attack on vulnerable computer systems that follow rigid rules; it is an attack on vulnerable, fuzzy human reasoning about the online world.

Narrow defenses like DMARC don't deter the phishers, but do damage the email infrastructure. Sometimes more harm is done by over-eager defenders than by the attackers.

The main effect of DMARC has been that 419 scammers now put the Gmail, Yahoo, ... email address in "Reply-To:", rather than "From:". Phishers also find other alternatives:

    Return-Path: <wanewviv@web116.brainhost.com>
    Received: from web116.brainhost.com (web116.brainhost.com [64.31.11.114])
        (using unknown with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by amnesiac (Postfix) with ESMTPS id 278102AB02B
        for <censored@example.org>; Thu, 11 Sep 2014 13:16:11 +0000 (UTC)
    To: censored@example.org
    Subject: Update You account PayPal
    From: trami zlal <PayPal@support.com>

This phisher did not even bother to use a plausible Display Name. The pitch in the message payload is by far the most important element of the attack; the machine-readable "metadata" we protect is not nearly as significant.

-- 
Viktor.
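The following Python is an added example, not code from Viktor's message or from anyone in the thread. It applies the identifier-alignment rule that DMARC evaluates (RFC5322.From domain against the RFC5321.MailFrom domain taken from Return-Path, in strict or relaxed mode) to the header sample quoted above, and to two constructed messages: one using the Reply-To pattern the message describes, and one ordinary aligned message. It then reports the two things the message says DMARC does not see: a Reply-To pointing at a different organization, and a brand name carried in the display name, local-part or Subject while the From domain is not the brand's. Assumptions: the organizational domain is approximated as the last two labels (real DMARC uses the Public Suffix List), no DNS is consulted so SPF/DKIM pass or fail is not evaluated, and all domains other than those in the quoted sample, the message bodies, and the brand watch-list are constructed for illustration.

```python
"""DMARC-style identifier alignment and brand-mismatch checks over raw headers.

Added example; standard library only, no DNS lookups. It checks *alignment*
of the identifiers DMARC compares, not whether SPF or DKIM actually passed.
"""
import email
from email.utils import parseaddr

# Header sample quoted in the message above (phisher's mail; body constructed).
PAYPAL_LOOKALIKE = """\
Return-Path: <wanewviv@web116.brainhost.com>
Received: from web116.brainhost.com (web116.brainhost.com [64.31.11.114])
    by amnesiac (Postfix) with ESMTPS id 278102AB02B
    for <censored@example.org>; Thu, 11 Sep 2014 13:16:11 +0000 (UTC)
To: censored@example.org
Subject: Update You account PayPal
From: trami zlal <PayPal@support.com>

(constructed body)
"""

# Constructed: the Reply-To pattern described in the message. From: and
# Return-Path: align, so DMARC is satisfied; replies go somewhere else.
REPLY_TO_SCAM = """\
Return-Path: <bounce@bulk-sender.example>
From: "Account Services" <notice@bulk-sender.example>
Reply-To: claims-office@webmail.example
To: censored@example.org
Subject: Payment notification

(constructed body)
"""

# Constructed: an ordinary message whose identifiers align in relaxed mode.
ALIGNED_MAIL = """\
Return-Path: <bounces@mail.example.net>
From: Example Billing <billing@example.net>
To: censored@example.org
Subject: Your invoice

(constructed body)
"""


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def org_domain(domain):
    """Organizational domain for relaxed alignment.

    Simplification (assumption): DMARC derives this from the Public Suffix
    List; taking the last two labels is wrong for suffixes such as co.uk
    but adequate for the sample domains used here.
    """
    return ".".join(domain.split(".")[-2:])


def aligned(a, b, mode="relaxed"):
    """DMARC alignment: strict needs an exact match, relaxed the same org domain."""
    if a is None or b is None:
        return False
    if mode == "strict":
        return a == b
    return org_domain(a) == org_domain(b)


def brand_hits(msg, brands):
    """Map each watch-listed brand to the header fields (From, Reply-To, Subject)
    whose value mentions it, case-insensitively."""
    hits = {}
    for brand in brands:
        fields = [f for f in ("From", "Reply-To", "Subject")
                  if msg.get(f) and brand in msg[f].lower()]
        if fields:
            hits[brand] = fields
    return hits


def analyze(raw, mode="relaxed", brands=("paypal",)):
    """Summarize what a DMARC-aware receiver can and cannot see in the headers."""
    msg = email.message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    mailfrom_domain = domain_of(msg.get("Return-Path"))
    reply_to_domain = domain_of(msg.get("Reply-To"))
    display_name, _ = parseaddr(msg.get("From") or "")
    hits = brand_hits(msg, brands)
    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "mailfrom_domain": mailfrom_domain,
        "reply_to_domain": reply_to_domain,
        # The comparison DMARC makes for its SPF identifier (SPF result itself not evaluated).
        "mailfrom_aligned": aligned(from_domain, mailfrom_domain, mode),
        # Outside DMARC's scope: replies are routed to another organization.
        "reply_to_diverges": reply_to_domain is not None
        and not aligned(from_domain, reply_to_domain, mode),
        # Outside DMARC's scope: brand named in headers, From: domain is not the brand's.
        "brand_outside_from_domain": [
            b for b in hits if from_domain and b not in org_domain(from_domain)
        ],
    }


if __name__ == "__main__":
    for name, raw in (("lookalike", PAYPAL_LOOKALIKE),
                      ("reply-to", REPLY_TO_SCAM), ("aligned", ALIGNED_MAIL)):
        print(name, analyze(raw))
```

Run stand-alone it prints one summary per sample. The quoted phishing sample fails alignment (support.com versus web116.brainhost.com) and carries the brand outside its From domain, which a receiver can act on; the Reply-To variant passes alignment cleanly, so a DMARC policy alone gives the receiver nothing to reject, and only the Reply-To divergence remains as a signal.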