Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
Alessandro Vesely <vesely@tana.it> Sun, 27 September 2020 09:20 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87523A0B75 for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 02:20:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level:
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJ3I48y2HPEx for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 02:20:50 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B2123A0B6B for <dmarc@ietf.org>; Sun, 27 Sep 2020 02:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1601198445; bh=1a08yofApjtjO8YkQyk7tiGehZonYDWn+ZC+1LlG8rI=; l=1984; h=To:References:From:Date:In-Reply-To; b=BztPJN2a8gkwzadSEqWVYhmILvechmqrVKIrsnlQhn7Ysyt7wVnnjFXrJrjgPoSZ4 GpObw+OIbWG8K8PluoXkGGeATZNhKENfcVMOF/nWjeZ0SJ0XfV1tarw/XBTHNXa8ag lG0TLx8vFwqdgmvaYvPnf+crfSpZUQIpoid1TMyF314OHsyZoiPGY+LiWFqRi
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC050.000000005F70596D.00005F12; Sun, 27 Sep 2020 11:20:45 +0200
To: dcrocker@bbiw.net, dmarc@ietf.org
References: <20200815225306.967CC1E9E41D@ary.local> <6089649.VB6F1bvo3X@zini-1880> <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net> <6484002.GchzCIbhPQ@zini-1880> <aa8eb7e5-e16f-e99d-2164-5654ed0024dd@dcrocker.net> <af165f28-fab7-c339-1808-4c14e21631b4@tana.it> <12885242-5aed-ebba-644c-f629aac798ed@dcrocker.net>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <52e6d0a6-3997-761f-b1b1-85420812691c@tana.it>
Date: Sun, 27 Sep 2020 11:20:45 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <12885242-5aed-ebba-644c-f629aac798ed@dcrocker.net>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/3lksGGwhxOMn6rOxmodwt1YVFCE>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 09:20:52 -0000
On Sat 26/Sep/2020 15:06:54 +0200 Dave Crocker wrote: > On 9/26/2020 3:31 AM, Alessandro Vesely wrote: >> A pointer to a better aimed report circulated on this list: > > An unrefereed presentation (not paper) about a single experiment is better than > a summary of an industry-wide effort that failed? I meant aimed at email rather than web browsing. > And, for the current discussion, there's the troublesome summary the they give > about their own study: > >> 1. Warning only slightly lowers the click rate >> 2. The absolute click rate is still high > > The key words there are "slightly" and "still high". "If one person eats a chicken and another person doesn't eat anything, on average they both ate half a chicken". That's how statistics distorts reality. I'm sure there are users who watch authentication results, and usually take no bait. For them, "slightly" and "still high" don't hold. And, there's increasing activity about anti-phish employee training. As a consequence, the importance of visual hints is bound to increase. > Prompting the question of why anyone would think this study serves as > demonstrating strong support for the role of end-users in abuse protection? That wasn't the goal of the presentation, AFAIUI. At any rate, I don't think that demeaning users can be a long term strategy toward a more evolved society. Albeit it may work 99% of times, delegating decisions to a security manager is a limitation. It is possible, at least in theory, that a message is considered a phish by some but not by others. In illiberal countries that's all the more likely. > All of which demonstrates a basic problem with efforts to discuss human-related > work: difficulties in understanding how to evaluate research and research > patterns, with a tendency to instead lean on confirmation bias. That's why it is important to enable each and every soul to exert their own judgements. Best Ale --
- [dmarc-ietf] Call for Adoption: DMARC Use of the … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Joseph Brennan
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Rolf E. Sonneveld
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Laura Atkins
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … David I
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jim Fenton
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Brandon Long
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Tim Wicinski
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John R Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … ned+dmarc
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … John Levine
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Kurt Andersen (b)
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Scott Kitterman
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dotzero
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Alessandro Vesely
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] I Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- [dmarc-ietf] Objections to Sender header as overr… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Brandon Long
- Re: [dmarc-ietf] Objections to Sender header as o… Murray S. Kucherawy
- Re: [dmarc-ietf] Objections to Sender header as o… Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Hector Santos
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Seth Blank
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Dave Crocker
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Jesse Thompson
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Douglas E. Foster
- Re: [dmarc-ietf] Call for Adoption: DMARC Use of … Vittorio Bertola
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… John Levine
- Re: [dmarc-ietf] ARC usage, was Call for Adoption… Jesse Thompson