THE BIG PHISH: Verizon season now open, courtesy of proofpoint and/or Agari

Wanna go phishing on a Spring day? Try Verizon phone accounts. Take'em over. Mine them for bucks. Thanks to proofpoint (for Verizon.com) or Agari for (Verizon.net), it's like shooting phishees in a barrel (see the tom's guide story here). Verizon offers flawed DMARC Enforcement, probably due to missing or misconfigured SPF records by both proofpoint and Agari? Or possibly leaving DMARC Enforcement up to ReturnPath.net? Mother of Moses, when will it end? When will it end?

And to the Verizon CISO, quit believing your own press clippings (check one clipping here) and earn your stripes. Yegads, you "…frequently brief White House and Congressional staff on sensitive security matters…"? Dammit, the cobbler's child is barefoot! This just goes to show that all DMARC-touting vendors aren't created equal. Keep looking, grasshopper.

Mad Max