IETF Logo Mail Archive

Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 16 July 2014 05:31 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1D991B2A7E for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 22:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HiPH2UEinGg2 for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 22:31:51 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A2541A0306 for <ietf@ietf.org>; Tue, 15 Jul 2014 22:31:51 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 38DCC2AB0CD; Wed, 16 Jul 2014 05:31:50 +0000 (UTC)
Date: Wed, 16 Jul 2014 05:31:50 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Message-ID: <20140716053149.GZ2595@mournblade.imrryr.org>
References: <20140716002015.GV2595@mournblade.imrryr.org> <20140716033949.80178.qmail@joyce.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20140716033949.80178.qmail@joyce.lan>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/feRliAzwbM8c1VxzB-loH8Wbp0U
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jul 2014 05:31:52 -0000

On Wed, Jul 16, 2014 at 03:39:49AM -0000, John Levine wrote:
> >Is there quantitative evidence that preventing spoofing of the
> >"From" address reduces the efficacy of phishing?
> 
> According to people I've talked to at large mail providers, apparently
> so.  DMARC blocks a lot of mail that is clearly phish.

That's not the question I'm asking.  Spamhaus RBLs, also block lots
of mail that is phish.  The real question is whether the incidence
of successful phishing attacks is reduced.

> I would have thought that phishers would use any of the bazillion
> obvious ways to circumvent DMARC, but they must be as lazy as anyone
> else.

Which means that perhaps they don't need to bother, because they
are getting sufficient response rates?

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email