[Mailman-Users] Add PayPal to DNs publishing DMARC p=reject

Peter Shute pshute at nuw.org.au
Tue May 6 14:04:52 CEST 2014


I understand now, fake warnings for phishing. As for not being taken in, I haven't yet, but I'm sure it would be possible to create one that I would assume to be genuine.

Peter Shute

Sent from my iPad

> On 6 May 2014, at 3:15 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
>>> On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
>>> them.  But when you (FVO "you" susceptible to phishing in the first
> 
>> Sorry, what does FVO stand for?
> 
> Ah, excuse my abbreviations.  FVO = "for values of"; the intended
> implication is that the "you" reading my post isn't the kind of "you"
> who gets taken in by phishing emails.
> 
>>>   All of our mail to you have come back to us due to DMARC rejects,
>>>   so we need to use this unusual address.
>>> 
>>>   Please confirm your blah-blah-blah by clicking <here> and logging
>>>   in to our secure site.
>>> 
>>> 2% of AOL customers will respond by clicking, at last report. :-(
>> 
>> They get a warning? I thought it just bounced, and the intended
>> recipient never knew.
> 
> No, the point is that a phishing mail with
> 
>    From: Chase Bank Customer Service <service at chase.com.invalid>
> 
> will sail right past DMARC, as currently set up.  In the message, the
> complaint about the "DMARC rejects" was written by the phisherman, and
> the strange address is explained by that preamble.  Thus reassured,
> the victim then clicks.  Don't ask me to explain why they do that, I
> don't really understand (I'm almost tempted to quote Niven and
> Pournelle, "think of it as evolution in action"), but it's an
> empirical fact that real people lose real money to these scams ("2% of
> AOLers" click, according to AOL).
> 
> Now, it's *possible* that ".invalid" will trigger the latent common
> sense in the 2%.  But I think that pretty unlikely to be completely
> effective, and I suspect it won't be effective at all in the presence
> of a disclaimer about the "unusual" address.  If ".invalid" can't
> get by the victim's common sense, ".REMOVE-THIS" etc probably will.
> 
> The thing is that a bit of common sense will save you from any of
> these scams.  But that's not enough to create good policies, because
> it's very hard to think of all the ways to abuse a very naive
> victim, or a very young one, or an elderly one who's lost a step
> mentally -- it takes a devious mind just to think of one!
> 
> Regards,
> 
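
The mechanism Stephen describes above (a From: domain such as chase.com.invalid "sailing right past" a p=reject policy) comes down to DMARC policy discovery: the receiver looks up the DMARC record of the RFC5322.From domain and, failing that, of its organizational domain, so a lookalike domain is simply never covered by the real domain's policy. The following Python is an added example written for this page, not code from the thread, from Mailman or from any bank; the DNS records, the public-suffix list and the domains are constructed so that it runs offline, and it covers only policy discovery (RFC 7489 section 6.6.3), not the SPF/DKIM alignment checks that real DMARC evaluation also performs.

```python
import email.utils

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain>; not real records.
FAKE_DNS_TXT = {
    "_dmarc.chase.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@chase.com",
    "_dmarc.example.org": "v=DMARC1; p=quarantine; sp=none",
}

# Toy public-suffix list; a real receiver uses the full Mozilla PSL.
PUBLIC_SUFFIXES = {"com", "org", "net", "invalid", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Registrable domain: one label in front of the longest matching public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()


def parse_dmarc_record(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_policy(from_domain: str, dns=FAKE_DNS_TXT):
    """Return (policy_domain, policy) for an RFC5322.From domain, or (None, None).

    The exact domain is queried first, then the organizational domain. A record
    found at the organizational domain applies its 'sp' tag (if any) to
    subdomains, otherwise 'p'. (None, None) means no DMARC record exists at
    all, which is different from an explicit p=none.
    """
    from_domain = from_domain.lower()
    org = organizational_domain(from_domain)
    for candidate in dict.fromkeys([from_domain, org]):
        txt = dns.get("_dmarc." + candidate)
        if txt is None:
            continue
        tags = parse_dmarc_record(txt)
        if tags.get("v") != "DMARC1" or "p" not in tags:
            continue
        if candidate != from_domain and "sp" in tags:
            return candidate, tags["sp"]
        return candidate, tags["p"]
    return None, None


def evaluate_from_header(from_header: str, dns=FAKE_DNS_TXT) -> dict:
    """Report which DMARC policy, if any, governs the domain in a From: header."""
    _, addr = email.utils.parseaddr(from_header)
    from_domain = addr.rpartition("@")[2].lower()
    policy_domain, policy = dmarc_policy(from_domain, dns)
    return {"from_domain": from_domain, "policy_domain": policy_domain, "policy": policy}


if __name__ == "__main__":
    # The display name is identical in all three; only the domain differs.
    for hdr in (
        "Chase Bank Customer Service <service@chase.com>",
        "Chase Bank Customer Service <service@chase.com.invalid>",
        "Chase Bank Customer Service <service@mail.chase.com>",
    ):
        print(hdr, "->", evaluate_from_header(hdr))
```

The first header resolves to chase.com's p=reject and the subdomain header inherits it through the organizational-domain fallback, but chase.com.invalid has the organizational domain com.invalid, for which no record exists, so no policy applies and the message is judged purely on the receiver's other filters. That is why the display name and the "unusual address" preamble, not DMARC, are what the victim ends up relying on.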

