IETF Logo Mail Archive

Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 16 July 2014 00:20 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 113C71B29C2 for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 17:20:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqPBx87xI2GK for <ietf@ietfa.amsl.com>; Tue, 15 Jul 2014 17:20:18 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5829B1B29BE for <ietf@ietf.org>; Tue, 15 Jul 2014 17:20:18 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 17AB42AAFFC; Wed, 16 Jul 2014 00:20:16 +0000 (UTC)
Date: Wed, 16 Jul 2014 00:20:16 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Message-ID: <20140716002015.GV2595@mournblade.imrryr.org>
References: <4450964.7UmRiHm4KW@scott-latitude-e6320> <20140715001549.GG2595@mournblade.imrryr.org> <2270075.AYnCC6OxAQ@scott-latitude-e6320> <20140715033346.GL2595@mournblade.imrryr.org> <026301cfa01a$7ebdde40$4001a8c0@gateway.2wire.net> <20140715112023.GU2595@mournblade.imrryr.org> <01PA78TOWR4O007ZXF@mauve.mrochek.com> <53C55509.8050108@dcrocker.net> <01PA7DC3IFS0007ZXF@mauve.mrochek.com> <53C592C8.6050506@dcrocker.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <53C592C8.6050506@dcrocker.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/ujxmfwd4Le5y6JzWvt85ZLXkuiI
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jul 2014 00:20:20 -0000

On Tue, Jul 15, 2014 at 01:44:56PM -0700, Dave Crocker wrote:

> Incurring the considerable expense, in people and opportunity cost, by
> pursuing a global standards effort that proves ineffective is a
> particularly pernicious path, especially with respect to a
> security-related topic like phishing.

Is there quantitative evidence that preventing spoofing of the
"From" address reduces the efficacy of phishing?  My guess is that
any such effect is rather marginal, and that phishers succeed or
fail based on the content of the pitch, rather than "metadata".

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email