On 4/28/15 6:44 AM, Dave Crocker wrote: > On 4/25/2015 8:34 AM, Stephen J. Turnbull wrote: >> Of course, the reality that this is an IETF WG, and what we can >> do that has effect with high probability is change wire protocols. >> MUA presentation is outside of our bailiwick, > Exactly. > > Which means that an extended thread discussing user behavior is a > distraction from the working group's focus, especially absent careful, > and objective documentation of UCD/UX-related efficacy experiments.
Dear Dave, One of the early versions of DMARC included considerations related to the delivery of messages that fall into the category of "reject". ,-- Mail Receivers MAY choose to accept email that fails the DMARC mechanism check even if the Domain Owner has published a "reject" policy. Mail Receivers SHOULD make a best effort not to increase the likelihood of phishing if it chooses not to reject, against policy. '-- One of the later versions of DMARC cautioned about applying DMARC policy against user email. It seems DMARC now expects to transform SMTP where the identity of the author becomes less deterministic by being the only identity considered. The various transformation schemes afford less security by allowing more ways to obscure the true source of a message when all that is seen is the From. When a few domains decide to publish "reject" policies disruptive for valid and legitimate mediated services do so by ignoring the role assigned the From and that of the Sender. It should not matter how the identity responsible for actually sending the message is displayed. It should be validated where possible and enter into considerations about whether the message should be rejected and even that the actual sender be conveyed to recipients when it is not. At least early on, some recognized a need to mitigate such disruption where of course, a best effort should not increase the likelihood of phishing where the actual sender identity be confirmed. Something that DMARC currently fails to provide. In addition, moving valid messages into Quarantine folders causes an increasing number of users dangerously wading through this folder as well. In this respect, DMARC is making the problem worse and not better when DMARC policy abuses valid and legitimate messages by ignoring the valid role of the Sender for non-transactional email exchanges. Regards, Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
