Yesterday I mentioned that there were reports of a compromise at AOL. While the details are hazy, what has been reported is that people’s address books were stolen. The reports suggest lots of people are getting mail from AOL addresses that they have received mail from in the past, but that mail is coming from non AOL servers. In an apparent effort to address this, AOL announced today they have published a p=reject DMARC record.
I expect this also means that AOL is now checking and listening to DMARC records on the inbound. During the discussions of who was checking DMARC during the Yahoo discussion, AOL was not one of the ISPs respecting DMARC policy statements. I’m not surprised. As more information started coming out about this compromise, I figured that the folks attacking Yahoo had moved on to AOL and that AOL’s response would be similar to Yahoo’s.
My prediction is that the attackers will be trying to get into Outlook.com and Gmail, and when they do, those ISPs will follow suit in publishing p=reject messages. For those of you wondering what DMARC is about, you can check out my DMARC primer.
AOL publishes a p=reject DMARC record
A
RSS - Posts
This is a fascinating development. Thanks for the detailed posts.
As recently as a week ago, I definitely saw DMARC rejects to AOL when a from domain was yahoo.com.
[…] are making the same DMARC policy update as Yahoo did earlier this month.  According to Word to The Wise AOL was compromised and user’s address books were harvested.  In an effort to combat the spam issues surrounding […]
[…] are making the same DMARC policy update as Yahoo did earlier this month. According to Word to The Wise AOL was compromised and user’s address books were harvested. In an effort to combat the spam issues […]