Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 5:45 PM, Seth Blank wrote: There's a lot of clear and generally consistent data that shows From: header field spoofing leads to outsized impact on end users. Odd that I've never seen it.  Odd that it didn't surface during the literature search that was done when BIMI was started.

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Douglas E. Foster
I don't understand why this topic is debatable. We are faced with a constant stream of mail which we do not want. We need to block the nuisance stuff as well as the dangerous stuff, so that the important stuff gets processed in a timely manner, and so that our labor efforts can be spent on

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Seth Blank
Thanks for bearing with me, Dave. On Tue, Jun 2, 2020 at 5:26 PM Dave Crocker wrote: > When this match fails, a message can be rejected before it's ever in front > of a user and capable of causing confusion or fraud. > > Exactly. What matters is that unalignment is presumed to demonstrate bad

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 5:13 PM, Seth Blank wrote: On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker wrote: On 6/2/2020 3:53 PM, Seth Blank wrote: > The point I was trying to make is that consumers are susceptible to > fraud, Of course they are. Unfortunately, that

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Seth Blank
On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker wrote: > On 6/2/2020 3:53 PM, Seth Blank wrote: > > The point I was trying to make is that consumers are susceptible to > > fraud, > > Of course they are. Unfortunately, that point is irrelevant, because it > isn't the question at hand. > Dave, this

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 3:53 PM, Seth Blank wrote: The point I was trying to make is that consumers are susceptible to fraud, Of course they are.  Unfortunately, that point is irrelevant, because it isn't the question at hand. and the system needs to stop these messages before they ever get in front

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Seth Blank
On Tue, Jun 2, 2020 at 3:42 PM Dotzero wrote: > Actually Seth, you are flat out wrong. I was there and part of it. It was > not about signaling. It was implemented at the MTA level and was about > preventing the "badness" from reaching the end user rather than signaling > to the end user. >

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dotzero
On Tue, Jun 2, 2020 at 5:31 PM Seth Blank wrote: > As an individual: > > On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker wrote: > >> However there appears to be no actual evidence that lying in the From >> field affects end user behaviors, and certainly none that lying in the From >> field about

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 2:42 PM, Seth Blank wrote: Also, from literally today: https://www.justice.gov/usao-sdtx/pr/man-admits-spoof-email-fraud-scheme-and-more Oh my. Is it really that difficult to understand the difference between choosing to take an action, versus being affected by your taking that

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Kurt Andersen (b)
I'm sorry to pile on but could not restrain myself: https://www.bmj.com/content/327/7429/1459?ijkey=c3677213eca83ff6599127794fc58c4e0f6de55a=tf_ipsecsha I get Dave's point, but at the same time, it is well known that copy tweaks can have significant effects on conversion rates. Whether the

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
Wow. I'll ask folk to reread my text, here, carefully, since it specified something quite narrow and concrete, but is somehow being taken to have meant something broad and general: On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker wrote: However there appears to be no

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Seth Blank
Also, from literally today: https://www.justice.gov/usao-sdtx/pr/man-admits-spoof-email-fraud-scheme-and-more On Tue, Jun 2, 2020 at 2:30 PM Seth Blank wrote: > As an individual: > > On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker wrote: > >> However there appears to be no actual evidence that

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Seth Blank
As an individual: On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker wrote: > However there appears to be no actual evidence that lying in the From > field affects end user behaviors, and certainly none that lying in the From > field about the domain name does. > There are decades of data that prove

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 1:36 PM, Murray S. Kucherawy wrote: On Tue, Jun 2, 2020 at 11:01 AM Dave Crocker wrote: Your comment implies that what is displayed to the user is important in anti-abuse efforts, but there is no data to support that view, and some

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Murray S. Kucherawy
On Tue, Jun 2, 2020 at 11:01 AM Dave Crocker wrote: > Your comment implies that what is displayed to the user is important in > anti-abuse efforts, but there is no data to support that view, and some > significant data to support the view that that's wrong. (cf, the > extensive literature

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 12:32 PM, Pete Resnick wrote: On 2 Jun 2020, at 13:29, Dave Crocker wrote: On 6/2/2020 11:12 AM, Pete Resnick wrote: On 2 Jun 2020, at 13:01, Dave Crocker wrote: There's no reason that DMARC couldn't have included the sender or tried to have some kind of PRA like spf v2... but

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Pete Resnick
On 2 Jun 2020, at 13:29, Dave Crocker wrote: On 6/2/2020 11:12 AM, Pete Resnick wrote: On 2 Jun 2020, at 13:01, Dave Crocker wrote: There's no reason that DMARC couldn't have included the sender or tried to have some kind of PRA like spf v2... but that's not the goal. But the Sender:

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 11:12 AM, Pete Resnick wrote: On 2 Jun 2020, at 13:01, Dave Crocker wrote: There's no reason that DMARC couldn't have included the sender or tried to have some kind of PRA like spf v2... but that's not the goal. But the Sender: field is not reliably present and, of course,

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Pete Resnick
On 2 Jun 2020, at 13:01, Dave Crocker wrote: There's no reason that DMARC couldn't have included the sender or tried to have some kind of PRA like spf v2... but that's not the goal. But the Sender: field is not reliably present and, of course, DMARC needs an identifier that is reliably

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 10:11 AM, Brandon Long wrote: And if the mail client displays the Author, then we're kind of back to square one with displaying unvalidated data to the user. No we aren't. Your comment implies that what is displayed to the user is important in anti-abuse efforts, but there is no

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dotzero
On Tue, Jun 2, 2020 at 12:44 PM Jesse Thompson wrote: > I'm relaying these DMARC questions/concerns on behalf of an email admin at > another university. I quickly searched this list's archives for the Sender > header vs DMARC alignment issue and don't see much aside from a > conversation in May

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Dave Crocker
On 6/2/2020 9:44 AM, Jesse Thompson wrote: I'm relaying these DMARC questions/concerns on behalf of an email admin at another university.  I quickly searched this list's archives for the Sender header vs DMARC alignment issue and don't see much aside from a conversation in May 2015.  Is it

[dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

2020-06-02 Thread Jesse Thompson
I'm relaying these DMARC questions/concerns on behalf of an email admin at another university.  I quickly searched this list's archives for the Sender header vs DMARC alignment issue and don't see much aside from a conversation in May 2015.  Is it worth further discussion and/or an issue in