https://academic.oup.com/cybersecurity/article/6/1/tyaa009/5905453 was just published by NIST, proposing a difficulty rating scale for detecting (and hence avoiding) phishing messages.
Interestingly, the domain aspects are relatively minor cues amongst their extensive list. They do not score the efficacy of individual cues, but rather generate an aggregated potential score for the phish campaign to rank the difficulty of spotting it. I don't see this as directly relevant to the WG's effort, but there has been some discussion regarding research into user behaviour... --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
