[Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
Peter Shute
pshute at nuw.org.au
Tue May 6 14:04:52 CEST 2014
I understand now, fake warnings for phishing. As for not being taken in, I haven't yet, but I'm sure it would be possible to create one that I would assume to be genuine.
Peter Shute
Sent from my iPad
> On 6 May 2014, at 3:15 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
>
> Peter Shute writes:
>>> On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
>
>>> them. But when you (FVO "you" susceptible to phishing in the first
>
>> Sorry, what does FVO stand for?
>
> Ah, excuse my abbreviations. FVO = "for values of"; the intended
> implication is that the "you" reading my post isn't the kind of "you"
> who gets taken in by phishing emails.
>
>>> All of our mail to you have come back to us due to DMARC rejects,
>>> so we need to use this unusual address.
>>>
>>> Please confirm your blah-blah-blah by clicking <here> and logging
>>> in to our secure site.
>>>
>>> 2% of AOL customers will respond by clicking, at last report. :-(
>>
>> They get a warning? I thought it just bounced, and the intended
>> recipient never knew.
>
> No, the point is that a phishing mail with
>
> From: Chase Bank Customer Service <service at chase.com.invalid>
>
> will sail right past DMARC, as currently set up. In the message, the
> complaint about the "DMARC rejects" was written by the phisherman, and
> the strange address is explained by that preamble. Thus reassured,
> the victim then clicks. Don't ask me to explain why they do that, I
> don't really understand (I'm almost tempted to quote Niven and
> Pournelle, "think of it as evolution in action"), but it's an
> empirical fact that real people lose real money to these scams ("2% of
> AOLers" click, according to AOL).
>
> Now, it's *possible* that ".invalid" will trigger the latent common
> sense in the 2%. But I think that pretty unlikely to be completely
> effective, and I suspect it won't be effective at all in the presence
> of a disclaimer about the "unusual" address. If ".invalid" can't
> get by the victim's common sense, ".REMOVE-THIS" etc probably will.
>
> The thing is that a bit of common sense will save you from any of
> these scams. But that's not enough to create good policies, because
> it's very hard to think of all the ways to abuse a very naive
> victim, or a very young one, or an elderly one who's lost a step
> mentally -- it takes a devious mind just to think of one!
>
> Regards,
>
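The point in the quoted message is that DMARC p=reject only binds the exact From: domain (and, through organizational-domain lookup, its subdomains); a lookalike such as chase.com.invalid has no DMARC record anywhere in its lookup chain, so no policy is found and the message is delivered regardless of SPF/DKIM. The following is an added example, not code from the list or from Mailman, that walks through DMARC policy discovery and disposition as RFC 7489 describes it. The DNS TXT table, the public-suffix subset and the sample From: headers are all constructed for the illustration; a real evaluator would query DNS and use the full public suffix list.

```python
"""DMARC policy discovery and disposition, showing why a lookalike
From: domain (chase.com.invalid, chase.com.REMOVE-THIS) is not covered
by chase.com's p=reject.  Added example; every record and message
below is constructed, not the result of a real lookup."""

from email.utils import parseaddr
from typing import Optional

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain>.  Note
# that nothing exists under .invalid or .REMOVE-THIS: a phisher does
# not publish a policy for the domain they are abusing.
DNS_TXT = {
    "_dmarc.chase.com": "v=DMARC1; p=reject; rua=mailto:dmarc@chase.com",
    "_dmarc.paypal.com": "v=DMARC1; p=reject",
    "_dmarc.example.org": "v=DMARC1; p=none",
}

# Tiny constructed subset of the public suffix list (assumption).
PUBLIC_SUFFIXES = {"com", "org", "net", "au", "com.au", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Longest matching public suffix plus one label.  An unknown TLD
    such as .invalid falls back to the TLD itself as the suffix, so
    chase.com.invalid -> com.invalid, which publishes nothing."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def parse_dmarc_record(txt: str) -> Optional[dict]:
    """Split 'v=DMARC1; p=reject; ...' into tags; None if not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    return tags


def discover_policy(from_domain: str) -> Optional[dict]:
    """RFC 7489 6.6.3: try _dmarc.<from-domain>, then the organizational
    domain.  Returns the parsed record, or None when no policy exists."""
    from_domain = from_domain.lower()
    for candidate in (from_domain, organizational_domain(from_domain)):
        txt = DNS_TXT.get("_dmarc." + candidate)
        if txt:
            record = parse_dmarc_record(txt)
            if record:
                # A record found via the org domain applies sp= (if any)
                # to the subdomain instead of p=.
                if candidate != from_domain and "sp" in record:
                    record = dict(record, p=record["sp"])
                return record
    return None


def disposition(from_header: str, spf_domain: Optional[str],
                dkim_domain: Optional[str]) -> str:
    """Return 'none', 'quarantine' or 'reject' for one message.

    spf_domain / dkim_domain are the domains that passed SPF / DKIM
    (None when that check did not pass).  Relaxed alignment: the
    organizational domains must match the From: domain."""
    _, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2].lower()
    if not from_domain:
        return "none"  # malformed From:; out of scope for this example
    policy = discover_policy(from_domain)
    if policy is None:
        return "none"  # no DMARC record anywhere: nothing to enforce
    org = organizational_domain(from_domain)
    aligned = any(
        d is not None and organizational_domain(d) == org
        for d in (spf_domain, dkim_domain)
    )
    return "none" if aligned else policy["p"].lower()


if __name__ == "__main__":
    # Constructed samples: the phish the message describes, beside the
    # same forgery using the real domain.
    samples = [
        ("Chase Bank Customer Service <service@chase.com>", "phisher.example", None),
        ("Chase Bank Customer Service <service@chase.com.invalid>", "phisher.example", None),
        ("Chase Bank Customer Service <service@chase.com.REMOVE-THIS>", None, None),
        ("Chase Bank Customer Service <service@chase.com>", None, "chase.com"),
    ]
    for hdr, spf, dkim in samples:
        print(f"{disposition(hdr, spf, dkim):10}  {hdr}")
```

The first sample is rejected because chase.com publishes p=reject and neither SPF nor DKIM aligns; the two lookalikes get "none" because discovery finds no record at all, which is exactly the gap the quoted message describes. DMARC tells the receiver nothing about a domain its owner never registered, so the remaining defence against these messages is sender reputation, content filtering and the recipient's own judgement.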