6 May 2014 6 May '14
"Stephen J. Turnbull" firstname.lastname@example.org wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service <email@example.com>
will sail right past DMARC, as currently set up
It will sail past people using modern mail clients, too, by which I include web mail and Outlook, since those people will see some variation on this--
From: Chase Bank Customer Service
--so that it hardly matters what address is in the From line. This rewrite--
From: "Chase Bank Customer Service firstname.lastname@example.org" email@example.com
--would produce a more informative result, and just about honor RFC 5322 where it says the mailbox of the author of the message should be in the "From:" field.
But this is the Mailman discussion list.
Joseph Brennan Columbia University Information Technology