6 May
2014
6 May
'14
6:30 p.m.
"Stephen J. Turnbull" stephen@xemacs.org wrote:
No, the point is that a phishing mail with
From: Chase Bank Customer Service <service@chase.com.invalid>will sail right past DMARC, as currently set up
It will sail past people using modern mail clients, too, by which I include web mail and Outlook, since those people will see some variation on this--
From: Chase Bank Customer Service
--so that it hardly matters what address is in the From line. This rewrite--
From: "Chase Bank Customer Service service@chase.com" service@chase.com.invalid
--would produce a more informative result, and just about honor RFC 5322 where it says the mailbox of the author of the message should be in the "From:" field.
But this is the Mailman discussion list.
Joseph Brennan Columbia University Information Technology