On Feb 13, 2015, at 11:53 AM, Brandon Long <bl...@google.com> wrote:
> > > On Fri, Feb 13, 2015 at 10:51 AM, Steve Atkins <st...@blighty.com> wrote: > >> >> Sometimes your requirements mean that you have to encourage >> bad behaviour. But it's good to be clear that that's what you're doing, >> and that you're making discussion lists less usable (forever) for >> everyone other than AOL and Yahoo users in the process. >> > Probably because fewer people by several orders of magnitude use discussion > lists than are affected by the phishing problems that DMARC and the AOL/Yahoo > MSPs are trying to solve. > > And probably another couple orders of magnitude care about the fact that the > From header is now munged or what the PRA is. > > And phishing has real world financial consequences far in excess of whatever > the cost of munging the from header might be. Not to mention real world > spamming consequences probably far exceeding mailing list traffic as well. > > And Gmail does show the Sender information, though only when we think its > necessary. And user studies have shown its nearly useless to the majority of > users when it comes to preventing phishing. > Sure. DMARC protects a field that most people don't care about or, in some cases even see. I'm not surprised that it's nearly useless to the majority of users in preventing phishing. While the number of people who participate in mailing lists and care about who the other recipients are may be fairly small, the benefits of DMARC deployment to end users seem to be - for many use cases - pretty small too (unless you consider the abstract "brand protection" where you don't let others play with your toys, at least not in the 822.From a benefit). (Those small number who do participate in mailing lists are being trained to ignore the 822.From when working out who a piece of email is from, of course.) Any reduction in volume of phishing mail seems to have been extremely temporary, and I doubt it's made any impact on how effective phishing mail is either. I've not seen any compelling research that argues either way on that, though, so ICBW. > That said, of course any postmaster/listmaster is allowed to run their > systems however they wish. Of course. Their decisions do affect everyone else, though. Cheers, Steve _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
