On Feb 13, 2015, at 12:48 PM, Brandon Long <bl...@google.com> wrote:
> On Fri, Feb 13, 2015 at 12:33 PM, Steve Atkins <st...@blighty.com> wrote:
>
>> Sure. DMARC protects a field that most people don't care about or, in some
>> cases, even see. I'm not surprised that it's nearly useless to the majority
>> of users in preventing phishing. While the number of people who participate
>> in mailing lists and care about who the other recipients are may be fairly
>> small, the benefits of DMARC deployment to end users seem to be - for many
>> use cases - pretty small too (unless you consider the abstract "brand
>> protection", where you don't let others play with your toys, at least not in
>> the 822.From, a benefit).
>
> Supposedly, it helps you be harsher on the contents of the message and what
> not, as you know what "good" looks like with strong conviction... at least,
> that's what our spam/abuse folks tell me. Like everything else, it's only one
> piece of the puzzle.

I'm sure that's so. But you need quite a lot of additional data to be able to
say not only "this email came from the domain in the 822.From" but also "this
email is likely to be wanted / legitimate". It's a big step from one to the
other. How different would that conclusion be if it were based on
DKIM+SPF+that data instead of DKIM+SPF+DMARC+that data?

(I mean use of DMARC p=reject here. Using DMARC just for reporting, in order
to clean up and understand your use of email, is a completely different thing
that seems like a good idea, and I'm sure it makes legitimate senders' mail
streams easier to understand correctly by the sort of approaches Gmail and
friends use to observe them.)

> Also, there is a definite benefit in terms of actually letting through good
> mail, though that largely applies more to the transactional mail that DMARC
> started with.

That too. It's not really DMARC so much as DKIM / SPF, though.

>> (The small number who do participate in mailing lists are being trained to
>> ignore the 822.From when working out who a piece of email is from, of
>> course.)
>>
>> Any reduction in volume of phishing mail seems to have been extremely
>> temporary, and I doubt it's made any impact on how effective phishing mail
>> is either. I've not seen any compelling research that argues either way on
>> that, though, so ICBW.
>
> Obviously this doesn't speak to how temporary it was, but to hear the
> Yahoo/AOL folks tell it, there was an immediate drop-off in very visible
> effects (i.e., they were having a large support volume issue due to people
> actually calling them about this) and it hasn't come back.

Oh, sure. But that was their customers panicking about mail "from" them being
sent to their friends and mail "from" their friends being sent to them, after
they had those big address book compromises, AIUI. Definitely a customer
support cost - one they mitigated by pushing the cost on to others - but not
really anything to do with how effective it was against actual phishing.

Cheers,
  Steve

_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
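The thread turns on what a DMARC p=reject policy actually asserts: that an SPF or DKIM pass exists for a domain *aligned* with the 822.From, nothing more. The following is an added example (not code from the post, from Gmail, or from any real DMARC implementation) that evaluates RFC 7489 identifier alignment and dispositions over four constructed messages: direct mail, the same author's mail relayed through a mailing list that rewrites the envelope sender and breaks the author's DKIM signature, a forged From, and mail signed by a subdomain key under relaxed versus strict alignment. All domains are RFC 2606 example names, and the organizational-domain helper is an assumed simplification (last two labels) standing in for a Public Suffix List lookup.

```python
# DMARC identifier-alignment evaluation (RFC 7489 section 3.1), written as
# an illustration for the thread above. Added example: not code from the
# original post, from Gmail, or from any DMARC implementation.
from dataclasses import dataclass


@dataclass
class AuthResults:
    """Authentication results as a receiver sees them for one message."""
    from_domain: str   # domain of the RFC5322.From header (the "822.From")
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # RFC5321.MailFrom domain SPF was evaluated against
    dkim_result: str   # "pass", "fail", "none", ...
    dkim_domain: str   # d= of the passing DKIM signature, "" if none


def organizational_domain(domain: str) -> str:
    # Assumption: a real implementation consults the Public Suffix List.
    # Taking the last two labels is wrong for names like example.co.uk
    # but is enough to show relaxed alignment here.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier_domain: str, from_domain: str, mode: str) -> bool:
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    a = identifier_domain.lower().rstrip(".")
    b = from_domain.lower().rstrip(".")
    if not a:
        return False
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def dmarc_result(r: AuthResults, adkim: str = "r", aspf: str = "r") -> str:
    """DMARC passes if SPF or DKIM passes *and* that same identifier is
    aligned with the From domain. An SPF or DKIM pass for an unrelated
    domain (e.g. a mailing list's own) contributes nothing."""
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, aspf)
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, adkim)
    return "pass" if (spf_ok or dkim_ok) else "fail"


def disposition(result: str, policy: str) -> str:
    """What a receiver honouring the sender's p= tag does with the message."""
    if result == "pass":
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


# Constructed sample messages (not real traffic); RFC 2606 example domains.
DIRECT = AuthResults("example.com", "pass", "bounce.example.com", "pass", "example.com")
# Same author relayed through a list: the list re-sends from its own bounce
# address (SPF passes, for the list's domain) and appends a footer, which
# breaks the author's signature; the list's own DKIM signature passes but
# is for the list's domain, so neither identifier aligns with the From.
VIA_LIST = AuthResults("example.com", "pass", "lists.example.org", "pass", "lists.example.org")
# A sender that forges the From header outright.
PHISH = AuthResults("example.com", "pass", "phisher.example.net", "none", "")
# Legitimate mail signed with a subdomain key: relaxed and strict differ.
SUBDOMAIN = AuthResults("example.com", "none", "", "pass", "mail.example.com")


if __name__ == "__main__":
    for name, r in [("direct", DIRECT), ("via list", VIA_LIST),
                    ("phish", PHISH), ("subdomain", SUBDOMAIN)]:
        res = dmarc_result(r)
        print(f"{name:10s} dmarc={res:4s}  p=reject -> {disposition(res, 'reject')}")
```

The list-relayed message and the forged message end up with the same verdict under p=reject, which is exactly the trade-off the thread is arguing about: alignment tells the receiver whether the From domain vouched for the message, not whether the message is wanted.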