Wow. I'll ask folk to reread my text, here, carefully, since it
specified something quite narrow and concrete, but is somehow being
taken to have meant something broad and general:
On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker <dcroc...@gmail.com
<mailto:dcroc...@gmail.com>> wrote:
However there appears to be no actual evidence that lying in the From
field affects end user behaviors, and certainly none that lying in
the From field about the domain name does.
And again, there are all sorts of threats and all sorts of bad
behaviors, but the question is whether a particular kind of bad actor
behavior affects recipient end-user behavior.
And the specific kind is lying about the From: field domain name.
Please point to specific research -- not an extended report with lots of
varying content.
On 6/2/2020 2:30 PM, Seth Blank wrote:
There are decades of data that prove just this.
As I said, we did an extensive literature search at the beginning of the
BIMI and there was no supporting research.
So now let's look at the purported counter-example you provided:
On the abuse side, Microsoft, Google, Proofpoint, Mimecast, and others
(including Valimail) have all published reams of research reports over
the years. On the marketing side, there's another decade or two of
data about how properly crafting the From materially impacts open
rates on messages, which means user behavior is certainly impacted by
what's in the From and display name.
There's more data here than can be meaningfully summarized. So to pick
one at random about usage of these methods in abuse, read page 11 of
this report:
https://www.proofpoint.com/sites/default/files/pfpt-us-tr-q117-threat-report.pdf
Doesn't contain the word 'behavior'.
Doesn't contain 'from:'
Only 'author' is reference to malware creators, not recipients.
'Recipeint' gets a brief sidebar reference to mail pretending to be from
a top executive. Another sidebar with the word explains 'spoofing' as
impersonation (which, of course, is what it means in the real world, but
not in the email abuse world, which has a much broader definition.
I'll stop now and note that the reference you gave appears to have
nothing to do with the specific behavioral issue I cited.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc