Wow. I'll ask folk to reread my text, here, carefully, since it specified something quite narrow and concrete, but is somehow being taken to have meant something broad and general:

On Tue, Jun 2, 2020 at 1:46 PM Dave Crocker <dcroc...@gmail.com <mailto:dcroc...@gmail.com>> wrote:
However there appears to be no actual evidence that lying in the From field affects end user behaviors, and certainly none that lying in the From field about the domain name does.


And again, there are all sorts of threats and all sorts of bad behaviors, but the question is whether a particular kind of bad actor behavior affects recipient end-user behavior.

And the specific kind is lying about the From: field domain name.

Please point to specific research -- not an extended report with lots of varying content.


On 6/2/2020 2:30 PM, Seth Blank wrote:
There are decades of data that prove just this.

As I said, we did an extensive literature search at the beginning of the BIMI and there was no supporting research.

So now let's look at the purported counter-example you provided:

On the abuse side, Microsoft, Google, Proofpoint, Mimecast, and others (including Valimail) have all published reams of research reports over the years. On the marketing side, there's another decade or two of data about how properly crafting the From materially impacts open rates on messages, which means user behavior is certainly impacted by what's in the From and display name.

There's more data here than can be meaningfully summarized. So to pick one at random about usage of these methods in abuse, read page 11 of this report: https://www.proofpoint.com/sites/default/files/pfpt-us-tr-q117-threat-report.pdf

Doesn't contain the word 'behavior'.

Doesn't contain 'from:'

Only 'author' is reference to malware creators, not recipients.

'Recipeint' gets a brief sidebar reference to mail pretending to be from a top executive. Another sidebar with the word explains 'spoofing' as impersonation (which, of course, is what it means in the real world, but not in the email abuse world, which has a much broader definition.

I'll stop now and note that the reference you gave appears to have nothing to do with the specific behavioral issue I cited.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to