On Sun 17/Oct/2021 20:59:35 +0200 John Levine wrote:
According to Baptiste Carvello <[email protected]>:
Users care about who authored the content, not which machines it was
relayed over.
A MLM is not just a machine. It is also a context, and often an active filter.
If you rewrite From, all you do is bring irrelevant complication in the
face of the users, and they will quickly learn to ignore it (thereby
undermining DMARC in general).
As Dave Crocker often reminds us, there is no evidence that the contents
of the From line has any effect on users' security decisions,
Yet, showing authentication results is useful. For example:
We observe that the security cue has a clear impact on the user action.
Comparing with the groups “without security cues”, the click-through rate
of those “with security cue” drops by 12.3%–37.9%. [...] The results
suggest that security cues have a significant impact to reduce the user
tendency of clicking on phishing URLs
https://arxiv.org/abs/1801.00853
But it is nice to know who a message is from. I am on a few lists that
are misconfigured to put the list's address on the From line with no
hint about who wrote the message.
That, and the ability to reply to author.
My impression is about half the messages on such lists are "could you put
your name in the body of the message so we know who it's from, please."
Perhaps an RFC could improve the way average MLMs rewrite From:?
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
