I’m hearing hints that there are some malware or phishing links being sent out to gmail address books, “from” those gmail addresses. If that is what’s happening then it’s much the same thing as has been happening at Yahoo for a while, and AOL more recently, and that triggered their deployment of DMARC p=reject records.
It’s going to be interesting to see what happens over the next few days.
I’ve not seen any analysis of how the compromises happened at Yahoo and AOL – do they share a server-side (XSS?) security flaw, or is this a client-side compromise that affects many end users, and is just being targeted at freemail providers one at a time?
Does anyone have any technical details that go any deeper than #AOLHacked and #gmailhacked?
Is gmail next?
I cannot offer any technical details, I’m afraid. However, implementing a strict DMARC policy in a reactive manner while dealing with a major compromise is not a great look. Now that two providers have done so and the world has not stopped, it is looking like a sensible move anyway. If I were a major webmail provider, I’d be taking this chance to make the change pre-emptively.
“the world has not stopped”
Unless you use Mailman. Its ‘wrap’ option is worse than useless because a variety of mail clients display the mail as an attachment, not inline, and its ‘munge from’ creates issues too because all the mail now says ‘John Smith via Mailman’ and end users have no idea what Mailman is.
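To make the p=reject and Mailman points above concrete, here is an added example (not code from the thread or from Mailman) of the DMARC identifier-alignment check a receiver performs, run over a constructed mailing-list scenario: a yahoo.com author posting through a list at lists.example.org (assumed names). The list footer breaks the author’s DKIM signature and SPF evaluates against the list host, so the only way the relayed copy passes is when the From header is rewritten (‘munge from’) and the list signs it itself.

```python
"""Simplified DMARC alignment evaluation (RFC 7489 logic, constructed example)."""
from typing import Optional

# Constructed DMARC records for the domains in the scenario.
DNS_TXT = {
    "yahoo.com": "v=DMARC1; p=reject; aspf=r; adkim=r",
    "lists.example.org": "v=DMARC1; p=none",
}

def parse_dmarc(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; aspf=r' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain: str) -> str:
    # Stand-in for a public-suffix lookup: last two labels only.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: dict, from_domain: str,
                      spf_domain: Optional[str], dkim_domain: Optional[str]) -> str:
    """Return 'pass', or the policy to apply ('none', 'quarantine', 'reject').
    spf_domain / dkim_domain are the domains of *passing* SPF / DKIM results,
    or None when that mechanism failed outright."""
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, record.get("aspf", "r"))
    dkim_ok = dkim_domain is not None and aligned(from_domain, dkim_domain, record.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else record.get("p", "none")

def mailing_list_scenario(munge_from: bool) -> str:
    """Relayed copy of a post: SPF passes for the list host, the author's DKIM
    signature is broken by the appended footer. With munge_from the list
    rewrites From: to its own domain and adds its own DKIM signature."""
    from_domain = "lists.example.org" if munge_from else "yahoo.com"
    record = parse_dmarc(DNS_TXT[from_domain])
    return dmarc_disposition(record, from_domain,
                             spf_domain="lists.example.org",
                             dkim_domain="lists.example.org" if munge_from else None)
```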