Dave Crocker writes: > On 3/22/2015 1:39 PM, Stephen J. Turnbull wrote:
> > I took you to mean that the relationship between the purported > > identity in From, based on the address in that field, and the user's > > behavior is irrelevant to specification of DMARC and related > > protocols. > > I didn't say that, but I'll say it now, too. (Ignoring the underying > truth that users get tricked, which provides the motivation for worrying > about spoofing.) Ignoring motivation was appropriate for Milestone 1, which was concerned with ensuring a lack of ambiguity in RFC 7489, which has a well-defined set of requirements. But we are now looking at "next steps", ie, a new set of requirements, because implementing the RFC 7489 requirements turned out to be insufficient to enable many use cases people participating in this WG care about, and to have some rather nasty side effects in combination with preexisting systems. I think discussion of motivation and agent (not limited to mail recipients) behavior is exactly what is needed at this stage, even if it's rather speculative and not founded in formal user interface research. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
