
On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" stephen@xemacs.org wrote:
> Peter Shute writes:
>
>> How does Yahoo's DMARC policy reduce the benefit of Paypal's? Because servers can't follow the reject recommendation without
>
> No, it's because users get used to ignoring warnings about DMARC issues. If it was *only* your bank, you'd learn to pay attention to them. But when you (FVO "you" susceptible to phishing in the first place, of course!) see a pile of DMARC workarounds every day for 70% of your correspondents, how do you respond to this?

Sorry, what does FVO stand for?

>     All of our mail to you have come back to us due to DMARC rejects, so we need to use this unusual address.
>     Please confirm your blah-blah-blah by clicking <here> and logging in to our secure site.
>
> 2% of AOL customers will respond by clicking, at last report. :-(

They get a warning? I thought it just bounced, and the intended recipient never knew.

>> And does the emergence of legitimate p=reject policies mean it's now less likely Yahoo and AOL will back down?
>
> What makes you think the banks didn't start doing this ages ago? Apparently they merely haven't made an explicit announcement.

I wondered about that. Anyone know?

Peter Shute