DMARC has changed email security. When a domain is at enforcement, attackers can’t send email that impersonates that domain and have it land in inboxes. That’s not a small thing, either. Exact-domain spoofing was one of the most effective phishing techniques available, and DMARC largely shut it down.
The problem is that attackers are persistent (and adaptable).
Now that exact-domain spoofing is ha...
Skeptical Mode:
Steelman - The article presents a balanced analysis of the evolution of phishing techniques and the limitations of current security measures. It introduces MTA-STS and Valimail as potential solutions to address these gaps in protection.
Patterns detected: ARC-0043 Motte-and-Bailey (the article presents both problems and solutions without fully addressing the challenges in implementation and long-term effectiveness).
Root Cause - The continuous cat-and-mouse game between cybersecu...