Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

Miles Fidelman <mfidelman@meetinghouse.net> Fri, 18 April 2014 21:12 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Zp2lyytj8-g-yIXTVQ6_8N1oi80

MH Michael Hammer (5304) wrote:
>
> MH: I’m going to disagree with Murray on the fact that it’s hurting 
> us, the company as the motivator, at least from my perspective. I see 
> it as preventing end users from getting hurt from this particular use 
> case (direct domain abuse). The further we (for some definition of we) 
> can push bad actors from reality (from the users' perspective), the 
> less likely they are to fall for certain types of social engineering. 
> I would hypothesize that increased abuse of the type Yahoo has been 
> seeing may be in part due to increased difficulty on the part of 
> malicious individuals in abusing brands implementing DMARC with 
> p=reject. P to P mail becomes increasingly attractive and the use of 
> stolen address books or user email addresses and information from 
> stored messages can be used to improve the effectiveness of the social 
> engineer.
>

At least from the perspective of our lists, and spam traps - abuse of 
stolen address books and such has been a much larger problem than email 
from forged addresses -- at least where Yahoo is concerned, our normal 
spam traps (spamassassin with lots of checks) caught (and continue to 
catch) most incoming spam -- EXCEPT for the stuff that comes from 
legitimate addresses.

I.e., botnets that have access to address books and legitimate login 
credentials have been the main problem we've seen.  At least so far, 
p=reject hasn't led to an increase in that.

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra