On 7/19/2020 11:08 AM, Murray S. Kucherawy wrote:
gain: There is quite a bit of experience demonstrating that
providing trust indicators to end users does not produce reliable
-- ie, useful -- decision-making by end users.
We appear to be talking past each other. I wasn't talking about trust
indicators, but rather whether the RFC5322.From domain is visible. I
don't have any reason yet to think trust indicators are effective.
The view that the From: address, or domain, or Display-Name is used, by
end-users, for assessing the trustworthiness of a message means it/they
are used as trust indicators.
The track record is that people are unreliable at this.
There is quite a bit of distance between 'unreliable' and 'blindly open
and read absolutely everything'.
In any event...
The essential point that needs to be made is that standards like this
MUST NOT be cast in terms of what end users will do. In practical
terms, this work has nothing to do with end users. Really. Nothing.
To the extent that anyone wants to make an affirmative claim that
end-users /are/ relevant to this work, they need to lay that case out
clearly, carefully, and with material that provides objective support.(*)
By contrast, say that this work provides input to a receiving filtering
engine made the work easy to explain and understand and defend.
d/
(*) I've seen one posting here or somewhere else that noted that letting
bad mail through can lead to end-users being deceived. I'll claim that
while true, it is not relevant, since the behavior happens after DMARC,
and the like, are relevant. That is, DMARC, etc., do not inform the
end-user behavior.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
