> On Mar 12, 2015, at 1:12 AM, Stephen J. Turnbull <turnb...@sk.tsukuba.ac.jp> > wrote: > > Terry Zink writes: > >> There is a lot of overlap in some mail clients, but there is also >> ambiguity about how to show certain things. To say "My users like >> this, and don't like that" > > "Like" and "dislike" are *not* what was reported here. Mail that we > should presume is legitimate (based on the OP's testimony) was > suspected of being fraudulent merely because of the "on behalf of" > display. So "on behalf of" appears to be generating Type II errors > (false positive for abuse), while DMARC is intended to prevent Type I > errors (false negative for abuse). > >> is good anecdotal evidence but what proportion of mail flow is >> that? How representative is it for everyone else? How much does the >> existing user base understand or even care about how something like >> this is displayed? Is it good enough? These are not questions that >> are easily answered. > > Nor are they the questions I'm interested in here. I want to know if > there are use cases where displaying "on behalf of" is *useful*, or if > when it matters, it primarily induces user *mistakes*. > > Of course to Microsoft's Outlook developers, those are crucial > questions. We aren't Outlook developers (not even you), so we don't > actually care. I think we do care about user psychology in deciding > whether a particular message is abusive, though.
Actually, I do care because the desire is for consistent and persistent behavior across the MUA board. When dealing with subjective concepts such as User Psychology, then its becomes much harder to address due to lack of persistency and consistency. We are looking for generic, reproducible, verifiable automatic computer software logic, that removes the burden from the user, including operators, making the complex decision about what is good or bad. The exceptions are always taken into account. Most of the time, you are going to depend on what the backend does consistently and persistently for all user types because the backend has to worry about a group of MUA types -- there is not just one type of course, even if there is a monopoly, there are far too many MUAs. This includes the old school RFC-based MUAs. The current trend is to move users to online MUAs, but that has always been a direction with the older methods still viable. They are not going away. -- Hector Santos http://www.santronics.com _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
