On 6/11/2019 8:12 AM, Alessandro Vesely wrote:
On Mon 10/Jun/2019 22:17:01 +0200 Dave Crocker wrote:
On 6/10/2019 1:17 AM, Alessandro Vesely wrote:
On Sat 08/Jun/2019 18:49:03 +0200 Dave Crocker wrote:

Except that most users don't actually see that address because these days most
MUAs only display the display address.


We often came across this realization.  Since DMARC hinges on that field, I
think the spec should include some advice to MUA implementation.

Unfortunately there is no 'advice' to give that has any utility.

If you feel otherwise, please try to formulate it, including the basis for
believing it useful, and then try to get community support for it.


I'd propose bullets like the following for Section 12.4:

     o  In the MUA, it is safe to only show the display name if its

Sorry, but I asked for evidence of utility. My guess is that you are only thinking in terms of information theory, rather than human factors usability. These produce very, very different results.

To my knowledge, there is no empirical evidence at all of what RFC5322.From display strings are safe or dangerous to show.

     o  The authentication status of the message should be visible.

Why?  What's your empirical evidence of utility for this?



A trust on first use (TOFU) approach would seem to be possible.

In practical terms, what does that mean?  Who does what, exactly?


A discrepancy can be enhanced by bold characters, by a pop-up, or by a beep and
an alert message.  Anything but silently displaying a familiar name which
actually stands for something else.

I suspect you are not familiar with a related effort that was pursued for the web, distinguishing domain names that have been vetted vs. those that have not. It did not go well.


A user can then arrange her address book so as to make it clear to the MUA that
a class of email addresses are equivalent to one another, in order to avoid
meaningless alerts.

What makes you think users want to do this extra work or that they will? Evidence to date is that they don't and won't.


d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
