On Sun, Jul 19, 2020 at 11:33 AM Dave Crocker <dcroc...@gmail.com> wrote:
> On 7/19/2020 11:08 AM, Murray S. Kucherawy wrote: > > gain: There is quite a bit of experience demonstrating that providing >> trust indicators to end users does not produce reliable -- ie, useful -- >> decision-making by end users. >> > We appear to be talking past each other. I wasn't talking about trust > indicators, but rather whether the RFC5322.From domain is visible. I don't > have any reason yet to think trust indicators are effective. > > The view that the From: address, or domain, or Display-Name is used, by > end-users, for assessing the trustworthiness of a message means it/they are > used as trust indicators. > > The track record is that people are unreliable at this. > > There is quite a bit of distance between 'unreliable' and 'blindly open > and read absolutely everything'. > Is there? If there's no part of the From field that can be considered reliable, then by opening even this email am I not exhibiting nearly-blind faith that the indicators I can see (in this case the string "Dave Crocker (gmail.com)") have not been falsely generated? How is this message, in terms of its trustworthiness, different from any other? -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
