[dmarc-discuss] RE : Statistical considerations regarding expected DMARC impact on phishing
sebastien.goutal at vade-retro.com
Tue Apr 10 06:38:35 PDT 2012
> Thanks for the stats, you may have seen this infographic:
> http://www.marketingtechblog.com/dmarc-infographic/ any comments?
Regarding France, we noticed that over half of the phishing target ISP. The statistics are as follows:
Payment services: 15%
Other (Gaming, government...): 5%
> Do you have some word of wisdom regarding:
> What if miscreants use the display field of the From: to fake my brand/domain?
> On the http://www.dmarc.org/faq.html
The From: header display field is as well often obfuscated.
As noted in DMARC faq, it is mainly a user interface issue.
> Especially, considering DMARC implemented, what is the next step for the industry to take?
This is a very difficult question. I have a few proposals.
1. Currently, two layers of security are set up to limit the damage caused by phishing:
- as first security layer, ISP and ESP implement message filtering to detect and reject phishing.
- as second security layer, most popular Internet browsers provide anti-phishing features, mostly based on on-line phishing URL database queries, to prevent access to forged websites.
We can add a third security layer that targets the phishing process and may reduce phishing collateral damages by providing a on-line database of compromised credentials.
However it requires cooperation and confidentiality between all actors (ISP, free e-mail service provider, financial services...) to remain efficient.
I may present this approach at the next MAAWG in Berlin, but I think it's out of scope for the DMARC mailing list.
2. Major web browsers should include a database of signatures of phishing sites.
This is the weak point of phishers : they spend most of the time trying to bypass spam filters, not web browsers filters.
For instance, Firefox and Chrome do a good job by submitting URL to Google Safe Browsing service, but it should be improved by embedding a database of signatures in the browser: thus, phishing sites could be detected proactively.
3. Companies targeted by phishing should implement two-factor authentication for critical operations.
Filter Lab Manager
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dmarc-discuss