IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

Dave Crocker <dcrocker@bbiw.net> Sun, 27 September 2020 13:06 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EFB03A0658 for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 06:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level:
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bbiw.net header.b=WJbAG2ta; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ObBWi7Ip
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hq2cc1r2uTHP for <dmarc@ietfa.amsl.com>; Sun, 27 Sep 2020 06:06:28 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D2A13A0F09 for <dmarc@ietf.org>; Sun, 27 Sep 2020 06:06:28 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id B975E5C008B; Sun, 27 Sep 2020 09:06:27 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Sun, 27 Sep 2020 09:06:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbiw.net; h= subject:to:references:from:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s=fm3; bh=/ Io0bFl+P4j/Gh8dneI/qFTdSKmVqvi7v/HLnwMTTd0=; b=WJbAG2taybQsA2Cf6 7mAv2JUMIO0ZqNOfqvyzfytXHn+j1zFv2DPIPr3owDmRpJyO4Yu6wetvb1FH5Dou AsbwAKJBewxifpWvcZs7r1CrjXCnBJjoPOnQZ6zWax+IXAr5Rc0z4cG+Y3N3Xxmj +kSjsgUS6l3ji+BRKQJ9A+bGcZmAcj/uCKv9zqOqkax7Wssf55GUvupp53p8gpqo +lU0kdOfPZtzZRagA2my/abVJsSbkub2+NA29aINYgJIFMxc1bXEXC617mp0ID8f fBhfsV4K7hpdbrsegH1MUaqUwRMbu7J4RqEQYtTfX3vipl0g1J0/eZeAYZcxnm56 B9tgA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=/Io0bFl+P4j/Gh8dneI/qFTdSKmVqvi7v/HLnwMTT d0=; b=ObBWi7IpChwbehtbiSQ5r29RZ6rZ9mgYPg0SPbBuSGDFLAfkGntNH3xne x99v5dB5k8CEfCuorJNKUf4hlDEYdkbdUziLK9inDTTz+CFMA9jwqe5daqloMjHq 60NqDEUqNLpQr5tb0HUYms1IGoD7i5kAgmG+VFvRmpAjmEniu0meDjfLEzMvWQz0 C/4VP7EwzoulS7UHTUjqfCn8zVT/lNXGkoXmCxaBBCzbV7VeIfv0wkU4DTYmkORr LY9di9gbNNArfN0CoMk8HOGzTSOkWsfQwUKp6JbT4k8r5HZINY6R+8zi6kqRF9jE qjl25N7HkfRXGEkCFIuENmXGqhgWg==
X-ME-Sender: <xms:Uo5wX9VULkPn9pJIjJ90n14cM5cgHKR5xY8dDI6jLFD2YLYCB8-VNQ> <xme:Uo5wX9mYQ21mWUraHrb1NSfZZh32fcKC-S52BRp8UfwgpU1o9URxqd0dq38ESX98E rnxJthP019-SOYGxw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdeggdeivdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefuvfhfhfhokffffgggjggtgfesthekredttdefjeenucfhrhhomhepffgrvhgv ucevrhhotghkvghruceouggtrhhotghkvghrsegssghifidrnhgvtheqnecuggftrfgrth htvghrnheptedtveehlefhledutdffuddtfeevffdvfefggfejjefggedvfeehfffgheef gfeinecuffhomhgrihhnpegsrhhofihsihhnghdrshhopdgssghifidrnhgvthenucfkph epvdegrddufedtrdeivddrudekudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpegutghrohgtkhgvrhessggsihifrdhnvght
X-ME-Proxy: <xmx:Uo5wX5Zih06HL2gwH3oUxXmYwebUzvxUp96mrj9mvZW90R4FqAkhIg> <xmx:Uo5wXwUqY03ozGikyqb968USuT-3Okobt-46i91vm4T68x-KZSrZeg> <xmx:Uo5wX3km2VlXhCve8UbNhIWR-sxKmtsyAu6RzlNoPdO8ghAlH6YPyQ> <xmx:U45wX9Stxl8EpdYwxlYDAc61N06IZnWlikratLbNeYlXYijcMjktqg>
Received: from [192.168.0.109] (c-24-130-62-181.hsd1.ca.comcast.net [24.130.62.181]) by mail.messagingengine.com (Postfix) with ESMTPA id 7B9833064674; Sun, 27 Sep 2020 09:06:26 -0400 (EDT)
To: Alessandro Vesely <vesely@tana.it>, dmarc@ietf.org
References: <20200815225306.967CC1E9E41D@ary.local> <6089649.VB6F1bvo3X@zini-1880> <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net> <6484002.GchzCIbhPQ@zini-1880> <aa8eb7e5-e16f-e99d-2164-5654ed0024dd@dcrocker.net> <af165f28-fab7-c339-1808-4c14e21631b4@tana.it> <12885242-5aed-ebba-644c-f629aac798ed@dcrocker.net> <52e6d0a6-3997-761f-b1b1-85420812691c@tana.it>
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
Message-ID: <6a1198c4-9b2e-e812-4833-79b52b13e04b@bbiw.net>
Date: Sun, 27 Sep 2020 06:06:24 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <52e6d0a6-3997-761f-b1b1-85420812691c@tana.it>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/E5T_yAvOw3AvwwasSW1PD5lQGZg>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 13:06:30 -0000

On 9/27/2020 2:20 AM, Alessandro Vesely wrote:
> On Sat 26/Sep/2020 15:06:54 +0200 Dave Crocker wrote:
>> On 9/26/2020 3:31 AM, Alessandro Vesely wrote:
>>> A pointer to a better aimed report circulated on this list:
>>
>> An unrefereed presentation (not paper) about a single experiment is 
>> better than a summary of an industry-wide effort that failed?
> 
> 
> I meant aimed at email rather than web browsing.

So?

If you think the industry-wide experiment that focused on signalling a 
trust indicator and failed is less relevant than a small, single, 
unrefereed paper about a preliminary and poorly-design research project 
is somehow less relevant, please explain.


>> And, for the current discussion, there's the troublesome summary the 
>> they give about their own study:
>>
>>> 1. Warning only slightly lowers the click rate
>>> 2. The absolute click rate is still high
>>
>> The key words there are "slightly" and "still high".
> 
> 
> "If one person eats a chicken and another person doesn't eat anything, 
> on average they both ate half a chicken".  That's how statistics 
> distorts reality. 

The fact that you think this statement is somehow meaningful suggests a 
rejection of an entire, established field of study based on not 
understanding it.


> I'm sure there are users who watch authentication 
> results, and usually take no bait.  For them,  "slightly" and "still 
> high" don't hold.

Except that individual cases are not the basis for establishing 
industry-wide practice.  Industry-wide behaviors are.

An occasional example simply isn't relevant.  That's the difference that 
legitimate statistical analysis provides.


> 
> And, there's increasing activity about anti-phish employee training.  As 
> a consequence, the importance of visual hints is bound to increase.

Excellent.  So that means you can point to studies that show how 
effective such training is.  Because the general sense is in the 
anti-abuse community is that it has little effect.  But if you know of 
studies to the contrary, it would very useful to hear about them.



>> Prompting the question of why anyone would think this study serves as
>> demonstrating strong support for the role of end-users in abuse 
>> protection?
> 
> That wasn't the goal of the presentation, AFAIUI.

However it /was/ the apparent reason it was cited.


> 
> At any rate, I don't think that demeaning users can be a long term 
> strategy toward a more evolved society.  Albeit it may work 99% of 
> times, delegating decisions to a security manager is a limitation.  It 
> is possible, at least in theory, that a message is considered a phish by 
> some but not by others.  In illiberal countries that's all the more likely.
> 
> 
>> All of which demonstrates a basic problem with efforts to discuss 
>> human-related work: difficulties in understanding how to evaluate 
>> research and research patterns, with a tendency to instead lean on 
>> confirmation bias.
> 
> 
> That's why it is important to enable each and every soul to exert their 
> own judgements.

Actually, it's not.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email