On 7/17/2020 11:30 AM, Kurt Andersen (IETF) wrote:
Dave writes:

    However, for all of the real and serious demonstration of users' being tricked by deceptive or false content in a message, there is no evidence that problematic content in a field providing information about a message's author directly contributes to differential and problematic behavior by the end user.

I'd counter by personal anecdote that we have had to undertake security remediations because of messages which were forwarded by our CEO to other employees for responses which happened to contain malware and/or bad links. Presumably, the cachet which was carried along with "important person says look into this" overcame whatever native caution or skepticism might have prevented them from falling prey otherwise.


Except that the problem isn't the email address, especially since almost no one sees those any more.  And the display name isn't protected.

I'm not quite motivated enough, or I'd have had this message contain:

   Kurt Anderson <dcrocker@gmail>

and it would have passed the necessary tests...

In other words, when we talk about threats and we talk about mitigations, we need to be careful that they align properly.

(I suspect there's some irony in my choosing 'align' but it was not intentional, though I'll take the extra point for noting it.)

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
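
Added example, not part of the original message or of any DMARC implementation: a Python sketch of the gap discussed above, where relaxed DMARC alignment compares only the From address domain, so a display-name check has to be a separate control. The directory, names, addresses and the two-label organizational-domain shortcut are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory: protected display name -> addresses that person really uses.
KNOWN_SENDERS = {"alex morgan": {"alex.morgan@corp.example"}}

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain;
    # a real DMARC evaluator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(from_header, spf_domain=None, dkim_domain=None):
    """Relaxed alignment: the From address domain must match an authenticated
    SPF or DKIM domain. The display name plays no part in the result."""
    _, addr = parseaddr(from_header)
    from_dom = org_domain(addr.rpartition("@")[2])
    return any(d and org_domain(d) == from_dom for d in (spf_domain, dkim_domain))

def normalize(name):
    return " ".join(name.lower().split())

def impersonated_name(from_header, threshold=0.85):
    """Return the protected name that the display name matches or closely
    resembles when the address is not one of that person's, else None."""
    name, addr = parseaddr(from_header)
    shown = normalize(name)
    if not shown:
        return None
    for known, addrs in KNOWN_SENDERS.items():
        close = SequenceMatcher(None, shown, known).ratio() >= threshold
        if close and addr.lower() not in addrs:
            return known
    return None

if __name__ == "__main__":
    # Constructed From headers, each with the DKIM d= domain that signed it.
    samples = [
        ("Alex Morgan <alex.morgan@corp.example>", "corp.example"),
        ("Alex Morgan <someone@mailhost.example>", "mailhost.example"),
        ("Alex Morgen <someone@mailhost.example>", "mailhost.example"),
    ]
    for header, dkim in samples:
        print(header, "| aligned:", dmarc_aligned(header, dkim_domain=dkim),
              "| flagged as:", impersonated_name(header))
```

All three sample headers are DMARC-aligned; only the directory lookup separates the legitimate one from the other two.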
