On Tue, Jun 2, 2020 at 3:42 PM Dotzero <dotz...@gmail.com> wrote: > Actually Seth, you are flat out wrong. I was there and part of it. It was > not about signaling. It was implemented at the MTA level and was about > preventing the "badness" from reaching the end user rather than signaling > to the end user. >
Michael, there's a crossed wire here-- I didn't mean to communicate that DMARC is in any way about signaling. I'm in complete agreement here. The point I was trying to make is that consumers are susceptible to fraud, and the system needs to stop these messages before they ever get in front of a user. The signal I was talking about is from the data: when something tries to authenticate to an MTA but then tell the user it's someone else. That's what alignment fixes and what's so powerful about DMARC. > Google experimented with displaying "keys" and Microsoft experimented with > displaying "shields". Neither of those efforts were integral to the DMARC > effort. My own experience is that a significant percentage of end users > will click on just about anything. This was validated in the 2007 timeframe > during some phishing runs where the bad guys actually left some tracking > code on a fake WWW landing page the email links led to. It was also > validated during the Storm Worm when the links used IP Addresses. This > issue has been validated at other points and times. Individual sending > organizations and receiving domains have been generally reluctant to > release data because it might expose company confidential information. > Aggregated isn't so useful because there are significant variations in > company efforts - not just with DMARC - that impact outcomes. So far, > signaling to the end user doesn't have a particularly good track record. > > DMARC started as a private effort among a handful of private parties. when > it was successful in stopping direct domain abuse for a handful of sending > domains at a handful of receivers we started discussing whether the > approach could be codified as a standard to enable others to benefit from > the approach. The origins and history are important in understanding why > DMARC is what it is. > I'm in complete agreement with this, and didn't mean to convey otherwise. > > Michael Hammer > >>
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc