On 3/24/2015 10:59 AM, Anne Bennett wrote: > > Dave, > >> You make an assumption about user assumptions. Forgive me, but I doubt >> you have a reliable, objective, empirical basis for making that >> assertion or much that derives from it. In fact there's a reasonable >> chance that your assumption is flawed. > > I have a 24-year-long parade of users worried that their account was > compromised because they're receiving bounces for spam they never > sent,
Forgive me (yet again) but that wasn't the issue. Yes there's a problem. Long-standing, real and serious. However the issue on the table is an assertion of efficacy by presenting certain kinds of information to end-users. And it's that assertion that is (highly) problematic. Which is why I urge everyone to bypass it. > But we're straying from the topic, which is indeed to come up with > technical specs that software can obey. Having said that: > >>> One could argue, I suppose, that once again we're talking >>> about the behaviour of software, but the point of all this, >>> unless I woefully misunderstand, is to protect the user from >>> fraud due to the faked provenance of a message. >> >> As a very general mission statement -- or an even higher-level motivator >> for working in this space -- perhaps, but that has essentially no effect >> on design choices here. > If "the point of all this" has "essentially no effect on design > choices", we have a serious problem. It's all very well do do > things right, but we have to make sure we're doing the right > thing too. Protecting users does not automatically or necessarily entail presenting spoofing/validity information to those users. >> In practical and operational terms, the point of all this is to allow >> filtering engines to make better decisions about possibly-spoofed mail. > > ... and again, if those decisions result merely in rejecting a > message, the user isn't involved, but as soon as those decisions > can result in tagging a message for possible consideration by the user > (probably via different display by the UI), we can't ignore the user. The presumption that 'tagging a message for possible consideration by the user' is in any way relevant or helpful is problematic. Highly problematic. > I agree that this isn't the place to delve deeply into user behaviour > and UI design. But we shouldn't ignore the context of our work. Any consideration here, which leads to assumptions or expectations of things being presented to end users for their consideration, is a pure distraction -- at its best. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
