On 5/7/2024 7:00 PM, Dotzero wrote:
> https://www.ic3.gov/Media/News/2024/240502.pdf
>
> This was released this past week by the FBI. Although we are in last
> call, I have to wonder if a) the attack itself, and/or b) the
> government recommendations regarding policy might impact DMARCbis in
> any manner. I've only just started thinking about the attack itself
> and potential implications.
>
> Michael Hammer

While the subject is interesting, in my eyes, Business Email Compromise
(BEC), and a non-preferential DMARC policy disposition published by the
spoofed domain owner aren't an issue with the DMARC mechanism itself.
The receiving mail system did exactly what the domain owner requested
with p=none: no disposition was taken on email(s) failing DMARC.
From an alternate point of view, one might consider how this policy
could be more broadly "exploitable" as a side effect now that the
internet email ecosystem is inundated with p=none DMARC records by
domain owners just doing the bare minimum to meet ESP sender
requirements, but that's still not a problem with DMARC itself.
Addressing this issue - perusing Section 5.5.6, is there anything else
we could add that would be acceptable language in a Standards track
document to encourage urgency behind a transitory state of p=none use by
domain owners? Would that even make sense to do? (Legitimate question
for the WG)
- Mark Alley
_______________________________________________
dmarc mailing list -- dmarc@ietf.org