Only a Few 2020 US Presidential Candidates Are Using a Basic Email Security Feature (techcrunch.com)
Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack that hobbled the Democrats during the 2016 election. From a report: Out of the 21 presidential candidates in the race, according to Reuters, only seven Democrats are using and enforcing DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects spoofed emails, which hackers often use to try to trick victims into opening malicious links from seemingly known individuals. It's a marked increase from April, where only Elizabeth Warren's campaign had employed the technology. Now, the Democratic campaigns of Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have all improved their email security. The remaining candidates, including presidential incumbent Donald Trump, are not rejecting spoofed emails. Another seven candidates are not using DMARC at all.
How basic is it? (Score:2)
Email-server in the basement?
Who killed Seth Rich? (Score:2, Insightful)
A guy supposedly gets mugged on his way home from a night on the town, but still has his wallet on him afterwards...
Exactly that basic (Score:2)
While chuckling at your joke, I'm also going to say that yes, it's that basic. I've worked at some companies that hired me and others because they REALLY needed to improve their security. Lots of low-hanging fruit, bad security practices everywhere. None of them were missing SPF or DKIM (the components of DMARC) when I joined, however. They all got at least that part right. Even if the DMARC was running on a "server" under some guy's desk.
Re: (Score:2)
Re: (Score:3)
Slashdot 2019 can't put DMARC in the title.
How is email so far behind? (Score:3)
Re: (Score:2)
"With billions in fraud every year you would think the country and companies would start cracking down, not fighting against secure email for citizens."
Lots of civil servants already have problems reading unencrypted emails.
Re:How is email so far behind? (Score:5, Insightful)
> Lots of civil servants already have problems reading unencrypted emails.
It doesn't help that the likes of Google have become so aggressive in fighting spam using fifteen different quasi-standardised protocols that their false positive rates are insane.
Remember, any time you have to go find a genuine message in some sort of junk folder, that was a fail on the part of the email software.
Any time you don't get a genuine message delivered at all, that was an epic fail on the part of the email software.
And any time you don't get a genuine message delivered at all and it's a silent failure so the sender doesn't even know, that's an off-the-charts fail on the part of the email software that has regressed the state of the art by several decades.
Re: (Score:2)
Re: (Score:2)
I do indeed, but I never had much difficulty filtering it out, just as I don't today (as someone not using one of the big mail services). It simply isn't that big a deal.
Meanwhile, the number of times I have significant problems with business dealings these days, from both customer and business sides, because someone's email got lost in a junk folder or apparently never arrived at all is certainly noticeable, and it's almost always down to a service like Google Mail being too aggressive with filtering when
Re: How is email so far behind? (Score:2)
Who paid for all that spam? Enquiring minds want to know...
Re: (Score:2)
I'm not seeing "insane" false positive rates. If anything, they're still not aggressive enough in blocking spam.
Re: (Score:2)
One of my businesses is a pretty standard online service, with email and password for the basic user authentication. When you have customers who aren't getting your emails at all because their ISP screwed something up and has no apparent mechanism for fixing it, or customers who aren't getting password reset emails that they've just explicitly requested because the messages are being rejected as UCE, that's a problem. This sort of stuff happens all the time. (For avoidance of doubt, yes our mail systems are
Re: (Score:2)
And your evidence for this is what, precisely? Or are you just ragging on civil servants because of ideology?
Re: (Score:2)
> With billions in fraud every year you would think the country and companies would start cracking down, not fighting against secure email for citizens.
Maybe some folks in country and companies are earning a good percent on those billions . . . ?
Re:How is email so far behind? (Score:5, Informative)
Gmail does have DMARC. It's been enabled since 2016.
Re: (Score:2)
Government agencies should not do it. Technically speaking they should strive to uphold the law and hence they should have a two stage email process, an email honeypot as you will, that accepts all email and a second server that filters out and passes bad email to the authorities for action. Filtering and ignoring would be very bad form for government agencies, those bad emails should be passed to the authorities for investigatory and prosecutorial actions, evidence of crimes should never be deleted, really qu
Re: (Score:2)
The major email providers have already enabled DMARC. However, anyone with a custom domain name (such as the candidates) needs to set up their encryption keys and publish them on the DNS in order to enable DMARC. DMARC is based on SPF and DKIM. SPF publishes the range of IP addresses that emails from that domain would be coming from while DKIM publishes a public encryption key that can be used to verify the header of emails sent from that domain.
For most businesses, DMARC is not a big deal to set up. It is a
Hobbled? (Score:2, Flamebait)
Poor email security wasn't what hobbled the democrats in 2016. It was a shitty candidate. It was an obviously rigged primary CHOOSING that shitty candidate.
No email security in the world could have gotten her into the whitehouse; she was and is verifiably horrible, as she went on to demonstrate by the multi-year whining campaign about her losing.
Ah, thanksgiving and politics. It's like peanut butter and chocolate.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Justin Trudeau... lost the popular vote by a wide margin..
Hopefully this galvanizes the right wing to support proportional representation. Here's how the chips would have fallen under that system: https://ici.radio-canada.ca/in... [radio-canada.ca]
The current system favours the centrist Liberal government.
Re:Hobbled? (Score:4, Interesting)
Yes, because let's let California choose our presidents. What with their stellar policies that led to poop filled streets, rampant homelessness, insane taxes and crime...
Wait, I think I just convinced myself that the electoral college is a good idea after all.
Re: Hobbled? (Score:2)
That's a false dichotomy. It is not either electoral college or California. A system which does not allow the minority to elect the president would be a good start. Although that won't do much if most people are idiots anyway...
Re: (Score:2)
> A system which does not allow the minority to elect the president would be a good start.
Clinton did not win a majority of the 2016 vote, either.
Re: (Score:2)
https://elections.ap.org/content/clinton-wins-popular-vote-nearly-29-million [ap.org]
So tell me, did our Commander-in-Chief inspire your reply?
https://www.politifact.com/personalities/donald-trump/statements/byruling/false/ [politifact.com]
Re: (Score:2)
Yes, Clinton won more popular votes than Trump. But neither won a majority of the popular vote.
As discussed elsewhere in this thread, Justin Trudeau's Liberals won fewer popular votes than the Conservatives in Canada. His party did win the most seats in Parliament (not a majority of seats), so he remained Prime Minister.
In the US, Trump did win a majority of electoral college votes, thus became President.
Re: Hobbled? (Score:2)
Majority does not always mean 50%. From the dictionary
majority : a party or group receiving the greater number of votes.
Call it popular vote if you want to play stupid.
Re: (Score:1)
> Wait, I think I just convinced myself that the electoral college is a good idea after all.
So you don't support democracy? EC = not all votes are equal.
Re:Hobbled? (Score:4, Insightful)
No, I don't support a democracy. "Majority rule" is little better than "might makes right", and in truth there isn't a whole lot of difference between them in practice. That's why our founding fathers didn't set out to create a democracy, but rather a republic. It's not perfect, sure, but it's the least bad of all the other options.
Re: (Score:2)
So what do you support? Dictatorship? Monarchy? Oligarchy?
Re: (Score:3)
A republic.
Re: (Score:2)
1. A republic is a form of democracy. Look it up.
2. What you really support is a system where one group of people have a vote that is more powerful than others. What's the justification for that? "Majority rule" may not be ideal, but it is certainly better than "Minority rule" which is what you support. Taken to extremes, what you support is an oligarchy.
Re:Hobbled? (Score:5, Informative)
> 1. A republic is a form of democracy. Look it up.
> 2. What you really support is a system where one group of people have a vote that is more powerful than others. What's the justification for that? "Majority rule" may not be ideal, but it is certainly better than "Minority rule" which is what you support. Taken to extremes, what you support is an oligarchy.
1) Perhaps you should look it up? https://en.wikipedia.org/wiki/... [wikipedia.org]
A republic (Latin: res publica, meaning “public affair”) is a form of government in which the country is considered a "public matter", not the private concern or property of the rulers. The primary positions of power within a republic are attained, through democracy, oligarchy, autocracy, or a mix thereof, rather than being unalterably occupied. As such it has become the opposing form of government to a monarchy and has therefore no monarch as head of state.
2) I enjoy how you broadcast you're going to skew my position, then you accuse me of said alteration of position. You realize you only broadcast your own uncertainty when you pull such a fallacy, right?
One of the many reasons majority rule is a horrible idea is that it tends to squash dissenting, or minority, opinions. Often times literally. Another reason is that it's susceptible to the immediate passions of the people. Rarely are good decisions made when people are angry/fearful or otherwise experiencing strong emotions; a republic acts as a brake to these behaviors...or should ( as I said, not perfect ). The second Iraq war is a great example of a failure in that regard, but alternatively it's a great example of why a democracy would be a horrible idea.
Our founding fathers knew what would happen if everyone had a vote; you'd get the mess we have today. Sure, their means of identifying the "voting class" was questionable, but for the time period it made sense. Today's "voting class" should draw from several disciplines of life; anyone and everyone who demonstrates an understanding of economics and government.
In your world, the druggy pooping on the street in SF would have just as much voting rights as you or I. We can wax philosophical about freedom, but admit it; that's terrifying. Or should be, if you truly respected the power of the vote.
Re: (Score:1)
Perhaps you should try reading your own quote:
"through democracy"
Here is an explanation:
https://act.represent.us/sign/... [represent.us]
You didn't refute my point that what you really support is an oligarchy, in fact you emphasised it with this question:
"In your world, the druggy pooping on the street in SF would have just as much voting rights as you or I"
No, what's more terrifying is that you think that some people should not be entitled to vote. You think that there should be a mechanism under which undeserving (in your
Re: (Score:2)
Soapboxes aside, we already have that. How many felons do you know vote? How many illegal aliens can vote?
So your terror is contrived at best, or based on ignorance at worst.
Re: (Score:2)
Wow. That must be one of the most moronic replies I have ever seen.
Laws that ban felons from voting are part of the response to the liberation of slaves and later the civil rights era. So it is my opinion that felons should be allowed to vote. Non-citizens should not be allowed to vote in state or national elections. I can see a reason why legal aliens should vote in local elections, for things like sch
Re: (Score:2)
So faux incredulity along with contrived fear. AND name calling. Gotcha.
I think we're going to have to agree to disagree. Your painfully obvious lack of knowledge in areas of US civics as well as history prevents you from understanding points I have made as well as points I might make, but really it's your blind bias that prevents you from growing your knowledge and prompts you to make absurd leaps of logic.
Re: (Score:2)
So, basically, you just abandoned arguing facts (not that you ever had any facts) for insults and ad-hominem arguments. You never justified why a minority should be able to out vote the majority.
No point in arguing the point any further until you take part in a real argument.
Re: (Score:2)
All of these problems that you list that California has are the result of excessive wealth.
You realize that you are rejecting economic success, right?
Re: (Score:2)
You're saying that wealth and success causes "poop filled streets, rampant homelessness, insane taxes and crime"?
Funny, I've never seen any other successful place like that. Only California.
Re: (Score:3)
Re: (Score:2)
> Yes, because let's let California choose our presidents. What with their stellar policies that led to poop filled streets, rampant homelessness, insane taxes and crime...
> Wait, I think I just convinced myself that the electoral college is a good idea after all.
They would choose your presidents If the United States was what it purports to be, a republic that practices true representative democracy. Fortunately for you the United States is a Republic that tries to pass off as representative democracy a gerrymandered monstrosity that allows you and your ilk to regularly obtain a congressional majority and win presidential elections without winning the popular vote leading to tens of millions of Americans being misrepresented in Washington by wilfully ignorant bible
Re: (Score:2)
Re: (Score:2)
> Yes, because let's let California choose our presidents. What with their stellar policies that led to poop filled streets, rampant homelessness, insane taxes and crime...
To be fair: the homeless, the poop and the crime are mainly due to homeless people from everywhere else moving to the states on the west side of the country (this happens in Canada too) mainly due to a more favorable climate. California is suffering from failures shared by the rest of the country.
As for taxes.. California has a higher economic output than the rest of the country so they can't be doing that badly.
Re: (Score:3)
The "homeless are all from somewhere else" is a myth put out by California politicians to try and make themselves look better.
In fact studies done within California by various agencies, including governmental, all tend to find similar numbers; the vast majority of 'homeless' in California have lived in California for more than 10 years prior to becoming homeless and less than 20% (in some cities less than 10%) actually moved there after becoming homeless. The non-native Californian homeless tend to be peop
Re: (Score:2)
> Yes, because let's let California choose our presidents. What with their stellar policies that led to poop filled streets, rampant homelessness, insane taxes and crime...
> Wait, I think I just convinced myself that the electoral college is a good idea after all.
California has its problems, but this is the kind of nonsense you hear from people who've never been there long enough to look into it. The top things contributing to all the things you mention are:
* The insanely large-scale heists pulled by Enron,
* A reduction on property taxes which made premium real estate - in an area not amenable to further development thanks to difficult terrain and earthquakes - a killer chance for landlords to price-gouge others on.
* The lack of rent controls to keep the trust-fund
Re: Hobbled? (Score:2)
"would have actually been more livable with more progressive taxation and stricter regulation"
San Francisco, and to a lesser degree the other major cities in California, are among the most heavily regulated environments in America. Some of those regulations are good, some are questionable, some are harmful.
While it's entirely possible the city might benefit from different regulations, or from less corrupt administration of existing regulations, it's hard to imagine how _stricter_ regulation would help. "No
Re: (Score:2)
Re: Hobbled? (Score:5, Insightful)
Jesus Christ.
The presidency has never and will never be selected by the popular vote. That's by design and it has always been that way since the inception of the republic.
We're not a direct democracy. We're a constitutional republic that balances the needs of population centers against those in not so populous places.
It's the reason America is an empire spanning an entire continent coast to coast with her power being projected across an entire globe.
Your ignorance of basic American civics doesn't make that system bad. It's just proof that your high school teachers have utterly failed you and that your political party of choice is clearly incompetent.
Re: Hobbled? (Score:2)
Widespread election fraud was the only reason candidate H. Clinton "won" anything.
Re: (Score:3)
plenty of people voted for her. I doubt the primaries were rigged in any other way than people not caring for them due to her having been in the race. it's not like that she was unpopular. far from it. if anything people thought her to be more popular and didn't even bother going to vote, which is a common occurrence.
saying that she wasn't popular is just dishonest. now of course that says nothing about her being a horrible person or not having any actual policies or whatever, but that's an entirely separat
Re: (Score:2)
> I doubt the primaries were rigged in any other way than people not caring for them due to her having been in the race.
Willful ignorance serves only those who depend on your ignorance [nypost.com].
Re: (Score:2)
> Poor email security wasn't what hobbled the democrats in 2016. It was a shitty candidate....
BS. It was unending, unfounded personal attacks with few facts/evidence and poor arguments to back them up. Exactly like this post. This one of course has 0 facts/evidence/arguments. But a good example of how she lost because mindless negativity trumped logic. Pretty common in politics.
Back on topic, the article is completely right. I remember pretty much the only reality-based argument against her that I ever heard from people was about emails & security practices. So people voted for these [mediamatters.org] gu [americanoversight.org]
Re: (Score:2)
> BS. It was unending, unfounded personal attacks with few facts/evidence and poor arguments to back them up.
I mean, welcome to politics? Are you really trying to tell me that you never noticed that before this election, nor that you didn't see her engaging in precisely the same behavior?
Deplorable.
Anyway, in all seriousness; the email server hack wasn't the problem. It was the horrible crap that was under the surface that was the problem. Blaming the hack is literally shooting the messenger.
Re: (Score:3)
> I mean, welcome to politics?
Ya I know. Doesn't mean we shouldn't call it out. But that part isn't the crux of my point.
> you didn't see her engaging in precisely the same behavior?
No, not even close. Personally exalting violence against your opposition, both the candidate and even just supporters. Publicly encouraging racist myths. The first end result was a guy shooting up a Pizza joint. So, no, she did nothing like that.
> Deplorable.
Ya I have to agree that was a poor choice of words, and I think she even admitted it publicly. But it's not like she doubled down w/ it and made tshirts. Almost every n
Re: (Score:2)
> Poor email security wasn't what hobbled the democrats in 2016. It was a shitty candidate....
> BS. It was unending, unfounded personal attacks with few facts/evidence and poor arguments to back them up. Exactly like this post. This one of course has 0 facts/evidence/arguments. But a good example of how she lost because mindless negativity trumped logic. Pretty common in politics.
We just saw that for two weeks, with Adam Schiff holding "court" with a dozen witnesses who either said they knew no facts, just their opinion - or, in the case of the ONLY real, first-hand witness Ambassador Sondland - that it was EXPLICITLY stated there would be nothing back, no quid pro quo.
But we all know (wink wink Nancy, Adam, and Jerry) that he didn't mean any of that, he's a meanie, and really wanted everyone to do exactly the opposite of what he asked. Because Orange Man Bad.
Re: (Score:1)
> We just saw that for two weeks, with Adam Schiff holding "court" with a dozen witnesses who either said they knew no facts, just their opinion
ok, real "court" does indeed have witnesses. Witnesses revealing what they heard and saw, sometimes even 2nd hand. This congressional hearing, under oath, found both. The US president tried to bribe a foreign president for help with the US election for president. It doesn't get any higher than that.
> or, in the case of the ONLY real, first-hand witness Ambassador Sondland - that it was EXPLICITLY stated there would be nothing back, no quid pro quo.
Then, after other witnesses said otherwise, he changed his story, and "EXPLICITLY stated" that yes, there was indeed quid pro quo. Everyone is under oath.
Re: (Score:3)
Re: (Score:1)
No, in "real" court, both sides get to call witnesses, ask questions, and the testimony of 2nd hand/3rd hand (4th hand, even) doesn't matter - direct witnesses matter.
In real court, trump would be tried directly by a judge or jury. But this is an impeachment hearing, where the r's are making every horrible excuse to not believe their eyes and ears. If you want to trade, I'm happy to. As it stands, most people subpoenaed are not coming forward, especially trump. If 1/10th of his claims were true, and there was no quid pro quo, why doesn't he just show up and say so? Why not provide congress with all that written evidence they've asked for?
If some of the gang admi
Re: (Score:2)
https://www.nytimes.com/2019/11/12/us/politics/mulvaney-impeachment-subpoena.html [nytimes.com]
https://www.reuters.com/article/us-usa-trump-impeachment-mcgahn/trump-administration-wants-order-for-mcgahn-testimony-put-on-hold-idUSKBN1Y01VF [reuters.com]
https://www.thedailybeast.com/the-impeachment-hearings-didnt-hear-from-the-seven-most-important-witnesses?ref=home [thedailybeast.com]
Re: (Score:2)
Re: (Score:2)
And here I am with no mod points.
Neither of the Party's candidates should have been allowed to lead a Cub Scout pack, let alone a nation.
Re: (Score:2)
Errrm....this is also reflected on the Republican side where the Whiner in Chief is on a multi-year whining campaign still thinking he's running against her and/or Obama. Once he gets a thought in his head, there's no getting it out.
Re: Hobbled? (Score:2)
In a sense President Trump is still running against the disastrously failed bipartisan neoliberal economic policy consensus for which Obama was the most recent figurehead.
Re: (Score:2)
> she was and is verifiably horrible
No question. Cheeto does not make America look smarter though.
We care about email security this time? (Score:1)
Re: (Score:2)
DMARC isn't what those people think (Score:3)
In practice, DMARC is only for proof-of-work to the oligopolist email providers that shit on anyone who doesn't have 1 million per hour hitting their servers. Admins ignore DMARC on the receiving end. Even Google sends p=reject to the spam folder.
If they want to look at something that matters, pay attention to blacklists. These opaque organizations have near total autonomy to block any mail server they desire. Even when you email experienced admins that they are using spamassassin to block legit mail because they refuse to learn how to use spamassassin, they tell you that you are stupid and go away.
When everyone who knows tells you you're wrong ... (Score:2)
Everyone is wrong about something pretty much every day. I've been hired as a "subject matter expert" multiple times; yesterday at work I was wrong twice in a single email. In a single sentence, actually.
"experienced admins ... tell you that you are stupid and go away."
When everyone who would know tells you that you're being stupid ...
maybe you're - wrong.
It's cool, being wrong sometimes is normal. Refusing to learn when everyone tells you that you were wrong would be silly.
Re: (Score:2)
Do you have experience configuring and maintaining mail servers?
Yep, that's my job #1 (20 years) (Score:5, Interesting)
Yes, I've been managing mail servers on and off for 20 years. At one point I founded and ran a business similar to Constant Contact. I had input into turning DomainKeys into DKIM. Over this period, I learned both the standards (RFCs etc.) and real life - which are sometimes different.
For most of my career, I've been in security. Currently I'm responsible for the spam and malware filters that sit in front of our Exchange servers and O365. Other people are responsible for getting the mail delivered after I filter it.
Sometimes one can correctly point to an RFC which suggests one thing, while real-life experience in the years since the idea was first adopted leads to something a little different being done in production networks. Remember RFCs are written as suggestions for discussion BEFORE they are widely implemented. Sometimes the industry rightly adopts something a little different from the initial suggestion based on experience.
Other times, things are broadly implemented "wrong" when they SHOULD have followed the RFCs, by people who apparently never read the RFCs. A striking example is early "CDNs", which are simply large networks of http proxies. The writers of the HTTP RFCs thought carefully about how proxies needed to work in order to avoid problems. The first large CDN companies utterly ignored the standards and broke a lot of things.
For example, one very popular CDN stripped off the query string for caching purposes, so that a PHP session ID or other per-client query string wouldn't break caching. I emailed their support to clarify, asking:
Are you telling me that your CDN doesn't know the difference between this page:
http://google.com?search=its+a... [google.com]
And this one?
http://google.com?search=a+hol... [google.com]
Tech support replied that indeed their product doesn't know the difference between its and a hole in the ground.
The CDN implementation was undoubtedly "wrong". It was also very popular. Therefore many other systems needed to be "wrong" in order to not break when that CDN came into play. The right thing to do was to make your software wrong. If it were coded "correctly" it would break. That sucks, but it's reality and we have to deal with reality.
Re: (Score:2)
That's interesting.
Why would it be useful to block your users from email they need to receive? That is what happens when cargo cult admins who pretend to know everything but know very little about mail server administration do when they configure a remote list manager that operates with no accountability the power to block legitimate access to your own server.
Re: (Score:2)
When somebody sends spam to a honeypot, an email domain set up for no other purpose than to catch spammers, then the sender is a spammer. Are you upset about that fact because you routinely get caught sending crap to honeypots? If so, I can understand it would be frustrating for you - and you're still a spammer.
telnet localhost 25 (Score:1)
helo
mail from: putin@kremlin.ru
rcpt to: trump@whitehouse.gov
data
From: Boss <putin@kremlin.ru>
Subject: advice
Start talking shit about the Deutsche Bank guy to throw everyone off your trail. Tell everyone he was a Democrat. It will sound totally convincing and then everyone will realize you're innocent.
BTW, how much longer until sanctions lifted?
.
Not enough Ukrainian corruption (Score:2)
Re: (Score:2)
"There’s little evidence of such a top-down effort by Ukraine. Longtime observers suggest that the rampant corruption, factionalism and economic struggles plaguing the country — not to mention its ongoing strife with Russia — would render it unable to pull off an ambitious covert interference campaign in another country’s election. And President Petro Poroshenko’s administration, along with the Ukrainian Embassy in Washington, insists that Ukrai
What DMARC Does (Score:3)
Email security combines a number of features. DMARC is only a reporting/policy layer. All politicians and organisations using email as a medium for communication should be signing their emails with SMIME. That's the proper way to provide integrity. It's the same as HTTPS on websites.
SPF (RFC 7208) tells servers where your emails should come from, if they're coming from somewhere else, refuse them/drop them.
DKIM (RFC 6376) places a signed header in the emails so a receiver can check that you're the sender, if an email purporting to come from a domain fails this test, drop it.
All DMARC does is tell the receiver what to do if a check fails and report back to the sender. Why this is required is apparently that email senders don't know what they're doing and that dropping emails that fail the checks is too much tough love.
What should be happening is that emails that fail the checks just should be dropped period, no ifs but or otherwise.
There are too many organisations which have a soft option configured in their SPF records ie a ~all rather than -all
The tilde in front of the all says I think that this is all my email servers but I'm not sure. In other words I'm clueless and disorganised and don't know where my emails should be coming from.
A minus in front of the all says the list in front is all of my servers, ie I have a clue.
A couple of examples
gmail ~all (weak)
google.com ~all (weak)
Microsoft.com -all (good)
dhs.gov -all (good)
amazon.com -all (good)
apple.com ~all (weak)
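The ~all versus -all distinction in the comment above, and the summary's three groups (enforcing DMARC, publishing it without rejecting, not publishing it), can be read mechanically from a domain's TXT records. The following is an added example, not part of the original thread: it classifies records passed in as strings, the `*.example` domains and their records are constructed, and counting `p=quarantine` as enforcement is an assumption.

```python
"""Classify SPF and DMARC posture from TXT record strings (no DNS lookups)."""

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_all_result(txt_records):
    """Result the SPF `all` mechanism gives to senders not listed before it."""
    spf = [r for r in txt_records if r.split(" ", 1)[0].lower() == "v=spf1"]
    if not spf:
        return "no SPF"
    if len(spf) > 1:
        return "permerror (multiple SPF records)"  # RFC 7208 section 4.5
    redirected = False
    for term in spf[0].split()[1:]:
        qualifier, mechanism = "+", term  # a bare mechanism defaults to "+"
        if term[0] in SPF_QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        if mechanism.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
        if term.lower().startswith("redirect="):
            redirected = True
    # Without `all`: the answer lives in another record, or defaults to neutral.
    return "delegated (redirect)" if redirected else "neutral"


def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None  # RFC 7489: the version tag must come first
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def dmarc_posture(txt_records):
    """Posture implied by the TXT records found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return "no DMARC"  # none, or several: receivers apply no policy
    policy = records[0].get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return "monitor only"  # p=none; a missing or unknown p is treated alike here
    pct = records[0].get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partially enforced (%s, pct=%s)" % (policy, pct)
    return "enforced (%s)" % policy


def assess(domain, txt_by_name):
    """Combine both checks for one domain; txt_by_name maps DNS name -> TXT list."""
    dmarc = dmarc_posture(txt_by_name.get("_dmarc." + domain, []))
    return {
        "domain": domain,
        "spf_all": spf_all_result(txt_by_name.get(domain, [])),
        "dmarc": dmarc,
        "asks_receivers_to_reject": dmarc == "enforced (reject)",
    }


# Constructed sample records for illustration (not real lookups).
SAMPLE_ZONE = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "monitor.example": ["site-verification=constructed",
                        "v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "absent.example": ["v=spf1 mx ~all"],
    "partial.example": ["v=spf1 -all"],
    "_dmarc.partial.example": ["v=DMARC1; p=quarantine; pct=25"],
}

if __name__ == "__main__":
    for name in ("strict.example", "monitor.example",
                 "absent.example", "partial.example"):
        print(assess(name, SAMPLE_ZONE))
```

To run it against a live domain, feed it the TXT strings returned for `<domain>` and `_dmarc.<domain>` by whatever resolver you already use.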
Re: (Score:1)
The problem I have found with DMARC, is that a lot of spammers get round this by trying to make the FROM: name something a victim will fall for - as a lot of e-mail clients, Apple's in particular, do not automatically show the e-mail address.
A spam campaign targeted my company. The e-mails sent out were forged Mr CEO ceo@mycompany.com. As they were forged, from a non DMARC IP address, these were all rejected, job done, DMARC worked great.
So the spammers simply just changed to Mr CEO comp@account.ug