Anne, On 3/23/2015 3:07 PM, Anne Bennett wrote: > But if the message is delivered, either because it passes DMARC, > or it fails but is "quarantined", then the receiver will see the > message, and will make assumptions regarding the authenticity of > its origin based, most likely, on the "From:" header. It seems
Unfortunately, user references for this sort of work have no productive use to that work, but instead often prove counter-productive. You make an assumption about user assumptions. Forgive me, but I doubt you have a reliable, objective, empirical basis for making that assertion or much that derives from it. In fact there's a reasonable chance that your assumption is flawed. That's why I keep stressing the importance of keeping user references out of these discussions. They are not helpful to the work and they are distracting. > not unreasonable to suppose that the writer of a user interface > would want to indicate somehow to the user that the message was > (or was not) vetted as coming from where it says it came from. > The DMARC results seem like an obvious source of information > for such an indication. "Not unreasonable' is a common justification for UI design choices. The reality of successful UI design is that many choices that are "not unreasonable" don't work or work poorly. Consequently, "not unreasonable" is a singularly insufficient justification. At the very best, it can serve to provide input to experimental processes that investigate actual efficacy. > One could argue, I suppose, that once again we're talking > about the behaviour of software, but the point of all this, > unless I woefully misunderstand, is to protect the user from > fraud due to the faked provenance of a message. As a very general mission statement -- or an even higher-level motivator for working in this space -- perhaps, but that has essentially no effect on design choices here. In practical and operational terms, the point of all this is to allow filtering engines to make better decisions about possibly-spoofed mail. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
