M3AAWG Calls for Coalition to Support Public Suffix List – dmarc.org
Steve Jones · 2023-05-27 · via dmarc.org

The Messaging, Malware, and Mobile Anti-Abuse Working Group, or M3AAWG, has released a blog post and white paper calling for the creation of an industry coalition to support the Public Suffix List (PSL). The PSL is an initiative under the Mozilla Foundation, and identifies the parts of the Internet domain name space under which organizations can register their own domains (think “.com” versus “example.com”). The PSL is a critical information resource used by all DMARC verifiers, and if it were to stop being updated the impact on email security could be enormous. The call to action from M3AAWG: We need some kind of industry coalition to permanently support the PSL.

DMARC is specified under RFC 7489, and a key concept in DMARC is the Organizational Domain. Section 3.2 describes how a public suffix list is used to determine the Organizational Domain, and Appendix A.6.1 specifically mentions the PSL because, frankly, it’s the only one widely and freely available. Use of the PSL may be deprecated in the next version of DMARC (this is still being finalized by the IETF DMARC Working Group), but even after that version is finalized and published, it will be many years before most email installations using DMARC deploy updated software. In other words, we’re going to be dependent on the PSL for a long time to come.
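The Organizational Domain lookup from RFC 7489 Section 3.2, as an added example (not code from dmarc.org, M3AAWG or the PSL project). The rule list is a constructed sample in PSL syntax and the function names are hypothetical; a real verifier loads the full, current list.

```python
# Added example: Organizational Domain lookup per RFC 7489 Section 3.2.
# SAMPLE_RULES is a constructed handful of rules in PSL syntax, not the real list.
SAMPLE_RULES = ["com", "uk", "co.uk", "*.ck", "!www.ck"]


def public_suffix_len(labels, rules):
    """Return how many trailing labels of `labels` form the public suffix."""
    best = 1  # PSL default rule "*": with no match, the last label is the suffix
    for rule in rules:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if len(rule_labels) > len(labels):
            continue
        tail = labels[-len(rule_labels):]
        # A "*" label in a rule matches any single label of the name.
        if all(r in ("*", l) for r, l in zip(rule_labels, tail)):
            if exception:
                # An exception rule wins outright; the suffix is the
                # rule minus its leftmost label.
                return len(rule_labels) - 1
            best = max(best, len(rule_labels))
    return best


def organizational_domain(name, rules=SAMPLE_RULES):
    """Public suffix plus one more label (the "x+1" label in RFC 7489)."""
    labels = name.lower().rstrip(".").split(".")
    x = public_suffix_len(labels, rules)
    if len(labels) <= x:
        return None  # the name is itself a public suffix
    return ".".join(labels[-(x + 1):])


def relaxed_aligned(from_domain, auth_domain, rules=SAMPLE_RULES):
    """DMARC relaxed alignment: both names share one Organizational Domain."""
    a = organizational_domain(from_domain, rules)
    b = organizational_domain(auth_domain, rules)
    return a is not None and a == b
```

If the list handed to `relaxed_aligned` lacks the `co.uk` rule, two separately registered names under `co.uk` resolve to the same Organizational Domain and are treated as aligned, which is the dependency on a maintained list that the paragraph above describes.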

And the PSL is used for much more than DMARC. It was created to help browsers make decisions about which HTTP cookies a given website could create or read. Imagine if a bad actor could register a specially named new domain and read the authentication cookies in your browser that let you access your bank or social media accounts. Since then the PSL has found many other uses, one of the more critical being in determining when a request to issue a TLS certificate is too broad – with such a certificate, a bad actor could convince your browser that you’ve connected to your bank or social media site, when you have really connected to their scam site.

If you’re looking for a way to give back to the Internet community as a volunteer, the PSL would be an excellent project to support. The M3AAWG publications (blog, paper) praise the volunteers who have maintained the PSL (rightly so!), and also call for an industry coalition of some kind to provide permanent support and funding, so that Internet users can continue to browse and exchange email safely.