Barry Leiba writes:

> But the more important point is that you're presupposing that the
> changes are "better",

Yes and no. Obviously, if it is impossible to improve the MUAs, there's no point in discussing it. In that sense, I have to presume that improvements exist. That doesn't mean I assume I know what they are, or that any of the examples I gave are better.

On the Mailman lists today, one postmaster posted that he is observing a surge in AOL-spoofing phishing this week, with AOL screen names in the display name and some other address as the actual From: mailbox. The abusers seem to have access to contact lists, as often the addressee is acquainted with the AOL screen name. I don't see how DMARC can help deal with that -- unless it cooperates with the MUA.

Although writing MUAs is not what this list is about, I think we *should* think about what information we *can* make available to the MUA that may be useful in addressing such attacks, ask the MUA authors what information they could use, and write protocols that make useful authentication information available to the MUAs conveniently, to present to the users in appropriate ways as the MUA devs see it.

> We have to be very careful about such changes,

*We* can't make any changes in the MUAs, and there are few, if any, MUA devs here to be misled by our mistakes. Such speculation may be a waste of our time, but no worse than that.

> and not assume that we know what's better.

I don't.
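An added example, not part of the original message: a sketch of a receiver-side check for the pattern described above, where a name the addressee knows appears in the display name while the From: mailbox belongs to someone else. The address book, names, domains and warning codes are constructed for illustration, and the embedded-address check generalizes slightly beyond the screen-name case in the message.

```python
import re
from email.utils import parseaddr

# Constructed address book: name the user knows -> mailbox seen for that contact.
CONTACTS = {
    "patexample99": "patexample99@example.org",
    "chris doe": "chris@example.net",
}

# Loose pattern for "something that looks like an address" inside a display name.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_from(from_header, contacts=CONTACTS):
    """Return warning codes for one From: header value.

    DMARC evaluates only the domain of the mailbox, never the display
    name, so these checks apply regardless of the DMARC result.
    """
    name, mailbox = parseaddr(from_header)
    name, mailbox = name.strip().lower(), mailbox.lower()
    warnings = []

    # Display name contains an address that is not the actual mailbox.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0) != mailbox:
        warnings.append("embedded-address-mismatch")

    # Display name is a known contact, but the mailbox is not that contact's.
    known = contacts.get(name)
    if known and known != mailbox:
        warnings.append("known-name-wrong-mailbox")

    return warnings


if __name__ == "__main__":
    samples = [  # constructed From: header values
        '"PatExample99" <patexample99@example.org>',
        '"PatExample99" <billing@mailer.example.com>',
        '"chris@example.net" <x@mailer.example.com>',
    ]
    for s in samples:
        print(s, "->", check_from(s) or "ok")
```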