Ultimately, this becomes a question of power. Do domain owners have the right, with the help of their correspondents, to prohibit spoofing (unauthorized use) of their digital identity?Or since they are technically leaseholders, not owners, are their rights conditional? Specificslly, do Internet insiders have the right to declare their spoofing control efforts to be based on foolish premises, both unnecessary and inconvenient, and therefore not allowed?<div> </div><div> </div><!-- originalMessage --><div>-------- Original message --------</div><div>From: Dave Crocker <dcroc...@gmail.com> </div><div>Date: 7/19/20 8:53 PM (GMT-05:00) </div><div>To: "Murray S. Kucherawy" <superu...@gmail.com> </div><div>Cc: IETF DMARC WG <dmarc@ietf.org> </div><div>Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations </div><div> </div>On 7/19/2020 5:04 PM, Murray S. Kucherawy wrote: > On Sun, Jul 19, 2020 at 11:33 AM Dave Crocker <dcroc...@gmail.com > <mailto:dcroc...@gmail.com>> wrote: > > The track record is that people are unreliable at this. > > There is quite a bit of distance between 'unreliable' and 'blindly > open and read absolutely everything'. > > Is there?
Yes. > If there's no part of the From field that can be considered reliable, > then by opening even this email am I not exhibiting nearly-blind faith > that the indicators I can see (in this case the string "Dave Crocker > (gmail.com <http://gmail.com>)") have not been falsely generated? How > is this message, in terms of its trustworthiness, different from any > other? It's an act of curiosity, not faith. You know that mail can be spoofed. You might even suspect that I'm capable of lying. (Silly, I know, but...) Or that I might be wrong. (Truly a foolish thought.) So the process of deciding on the validity and worth of my message is incremental and heuristic. Human evaluation processes vary, but mostly are pretty complex. Except when they aren't, though then it's often problematic. Mostly, your line of comments is trying to apply logical reasoning, which is rarely helpful in assessing human behavior. All of which is why this is a really terrible forum for making assertions or, worse, decisions, about end-user behavior. Whereas talking in terms of receiving filtering engines is both simpler and more useful. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
