
I am specifically referring to DMARC SPF alignment.

To get a DMARC pass result, all it takes is that either SPF or DKIM aligns.

Let us say that I am an attacker and try to impersonate abc.com. I have not set up DKIM, which means I'm going to fail that check. Now SPF alignment is going to check envelope-from vs. From:. What stops me from configuring a matching envelope-from and From:?

The vast majority of domains configure ~all in their SPF record (e.g. Google). I might fail this check as I don't own any of the authorized IPs, but it is unlikely I would be blocked. Then DMARC alignment would give me a pass result because my envelope-from matches From:.

I am under the impression that DMARC, contrary to its intended goal, would actually give me some legitimacy while impersonating another domain.

pHeoz

1 Answer

After reading Google's post on DMARC alignment, it makes a lot more sense.

To pass DMARC, a message must pass at least one of these checks:

  • SPF authentication AND SPF alignment
  • DKIM authentication AND DKIM alignment

So, if I fail/softfail the SPF check because I don't own the right IPs, then pass the DMARC alignment check with a matching envelope-from and From:, I would still get a FAIL from DMARC.

pHeoz
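The two-part rule in the answer (authentication AND alignment, for at least one of SPF or DKIM) is easy to get wrong by reading "alignment" on its own, so here is an added example, not code from the original question or answer, that simulates a receiver's DMARC verdict for the scenario in the question. It assumes the evaluator has already produced SPF and DKIM authentication results, and it approximates the organizational domain with the last two labels (a real verifier uses the Public Suffix List); the domain names and results are constructed sample data.

```python
# Added example (not from the original post): simulate the DMARC verdict
# from already-computed SPF/DKIM authentication results.
from dataclasses import dataclass
from typing import Tuple


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.
    Assumption: real verifiers consult the Public Suffix List instead."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: 's' = strict (exact match),
    'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC5322.From header (what the user sees)
    spf_result: str    # "pass", "fail", "softfail", "neutral" or "none"
    spf_domain: str    # RFC5321.MailFrom (envelope-from) domain SPF was checked against
    dkim_result: str   # "pass", "fail" or "none"
    dkim_domain: str   # d= tag of the verified signature, "" if unsigned


def dmarc_verdict(r: AuthResults, aspf: str = "r", adkim: str = "r") -> Tuple[str, str]:
    """Return (verdict, passing_mechanism). Only an authentication *pass* counts;
    softfail/neutral/fail never satisfy DMARC even when the identifiers align."""
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, aspf)
    dkim_ok = (r.dkim_result == "pass" and bool(r.dkim_domain)
               and aligned(r.dkim_domain, r.from_domain, adkim))
    if spf_ok:
        return "pass", "spf"
    if dkim_ok:
        return "pass", "dkim"
    return "fail", "none"


# Constructed scenarios (abc.com is the example domain from the question).
def attacker_scenario() -> Tuple[str, str]:
    # Envelope-from is aligned with From:, but the sending IP is not in abc.com's
    # SPF record, which ends in ~all, so SPF returns softfail, not pass.
    return dmarc_verdict(AuthResults(
        from_domain="abc.com", spf_result="softfail", spf_domain="abc.com",
        dkim_result="none", dkim_domain=""))


def legitimate_spf_scenario() -> Tuple[str, str]:
    # Mail from an authorized IP with an aligned envelope-from.
    return dmarc_verdict(AuthResults(
        from_domain="abc.com", spf_result="pass", spf_domain="bounce.abc.com",
        dkim_result="none", dkim_domain=""))


def third_party_sender_scenario() -> Tuple[str, str]:
    # Bulk sender uses its own bounce domain (SPF passes but is not aligned);
    # the message carries an aligned DKIM signature, so DMARC passes via DKIM.
    return dmarc_verdict(AuthResults(
        from_domain="abc.com", spf_result="pass", spf_domain="bounces.esp-example.net",
        dkim_result="pass", dkim_domain="abc.com"))


if __name__ == "__main__":
    print("attacker:", attacker_scenario())
    print("legitimate SPF:", legitimate_spf_scenario())
    print("third-party + DKIM:", third_party_sender_scenario())
```

The attacker case fails because a `~all` softfail is still not an SPF pass; alignment is only consulted once a mechanism has authenticated. The third case shows why alignment exists at all: an SPF pass for a different domain proves nothing about the visible From:, so it is discarded and the aligned DKIM signature decides.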