nanog mailing list archives
Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]
From: Amir Herzberg via NANOG <nanog () lists nanog org>
Date: Sat, 5 Jul 2025 23:12:51 -0400
On Sat, Jul 5, 2025 at 10:06 PM John Levine via NANOG <nanog () lists nanog org> wrote:
> I took a look at the paper and was underwhelmed. They were shocked to find that most of the Alexa top 1000 don't have DKIM or DMARC records, and well, duh, ...

I think Mike mostly referred us to the experiment in section 6 (Mike, correct me if I'm wrong), rather than the claim John mentioned (which I think is a citation of previous work and not a result of this one). That said, the experiment was of the effectiveness of a warning for a failure of the (SPF/DKIM/...) validation, i.e., would users ignore it and access the email anyway. As Rich explained nicely, this is rarely the method used by attackers; they usually use their own domains, so they pass this validation. The vast majority of users fail to notice the email was sent from the wrong domain (see lots of discussion in earlier messages, mainly by Rich). So, I'm not sure it's a great example showing that UI can be used for effective defense.

Ah, and John also asked

> ... A-R tells you whether the DKIM, SPF, and DMARC validations passed. What else would you expect to show? And why do it in the UI rather than at delivery time?

Obviously the reason is that the providers don't want to risk blocking the email due to a false positive. They prefer to shift the responsibility to the user... (I wonder if John asked seriously or if it was sarcasm, as I know John is very well aware of the fact providers hate the risk of false positives...)

Best, Amir
--
Amir Herzberg
Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography and Cybersecurity' textbook: https://sites.google.com/site/amirherzberg/crypto-cyber-book

> R's,
> John
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/CTWHM5RKBMP7XZOC52EIKQVQ3SOYVXK7/

_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/XW7TNBNMXQAQJYJU7OVOJDXL4V32CT2X/
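
An added illustration of the point discussed in the message above (not code from the paper or from anyone in this thread): a sender using its own lookalike domain gets `dmarc=pass` in Authentication-Results, so a delivery-time check that only reads A-R cannot separate it from the genuine sender without also knowing which domains the recipient expects. The `.example` domains, the `TRUSTED_AUTHSERV` and `EXPECTED_DOMAINS` values, and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: authserv-id of our own border MTA
EXPECTED_DOMAINS = {"bank.example"}        # assumption: senders this recipient expects

def make(ar, sender):
    """Build a constructed test message (not real traffic)."""
    return f"Authentication-Results: {ar}\nFrom: Billing <{sender}>\nSubject: Invoice\n\nbody\n"

SAMPLES = {
    "genuine": make("mx.recipient.example; spf=pass; dkim=pass; dmarc=pass header.from=bank.example", "billing@bank.example"),
    "lookalike": make("mx.recipient.example; spf=pass; dkim=pass; dmarc=pass header.from=bank-billing.example", "billing@bank-billing.example"),
    "spoofed": make("mx.recipient.example; spf=fail; dkim=none; dmarc=fail header.from=bank.example", "billing@bank.example"),
    "forged_ar": make("mx.sender.example; dmarc=pass header.from=bank.example", "billing@bank.example"),
}

def ar_results(msg):
    """Return {method: result}, reading only A-R headers stamped by our own MTA."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # an A-R header from any other authserv-id may be sender-supplied
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def classify(raw):
    """Separate 'validation failed' from 'validation passed, unexpected domain'."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = ar_results(msg).get("dmarc", "none")
    if dmarc != "pass":
        return "unauthenticated"           # the case a validation-failure warning covers
    if from_domain in EXPECTED_DOMAINS:
        return "authenticated-expected"
    return "authenticated-unfamiliar"      # passes SPF/DKIM/DMARC, still not the expected sender

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```
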
