On Sun, Jul 19, 2020 at 8:04 AM Dave Crocker <dcroc...@gmail.com> wrote:
> On 7/18/2020 9:23 PM, Murray S. Kucherawy wrote: > > On Sat, Jul 18, 2020 at 6:32 PM Dave Crocker <dcroc...@gmail.com> wrote: > >> If end users do not reliably make trust decisions based on /any/ of the >> information in the rfc5322.From field, then how is this question >> important. It seems to be seeking precise data about something that >> isn't even secondary. >> > > Google strikes me as the kind of place that would make a decision about > what to show users based on > > Perhaps, but since we don't have their data and we don't have their > decision-criteria -- which might be quite different from what is needed > here -- then it's probably a good idea not to make assumptions about the > utility, nor to put all of the human factors marbles in the google camp. > Certainly it's only one data point, and as I recall it's the one that got the most discussion during the early DMARC work. That's what made me think of it. Data from multiple sources would of course be better, and I'd happily solicit other possible sources. My employer isn't in the inbox game anymore, so I don't have any of my own data to offer. I agree they might be quite different, but they also might not be. Don't know unless we ask. > > I'm less convinced by the notion that all of the RFC5322.From is > disregarded by the preponderance of users when deciding what level of trust > to put in the message's content. That suggests we blindly open and read > absolutely everything, and I suspect that isn't the case. > > 1. That's not what it suggests, at all > Then I don't know what else you might mean by "end users do not reliably make trust decisions based on /any/ of the information in the rfc5322.From field". What other data exist upon which to make trust decisions in the display of a mailbox? > 2. No doubt there is a better way to put this, but I'm not thinking of it, > and this isn't just my second thought on the challenge, but quite a bit > more than that: This demonstrates why the IETF is a very poor venue for > conducting human factors discussions. > No argument here. > Again: There is quite a bit of experience demonstrating that providing > trust indicators to end users does not produce reliable -- ie, useful -- > decision-making by end users. > We appear to be talking past each other. I wasn't talking about trust indicators, but rather whether the RFC5322.From domain is visible. I don't have any reason yet to think trust indicators are effective. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
