Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Laura Atkins <laura@wordtothewise.com> Mon, 20 July 2020 08:59 UTC

Return-Path: <laura@wordtothewise.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CAA13A0A2D for <dmarc@ietfa.amsl.com>; Mon, 20 Jul 2020 01:59:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NlBmJuxD-lqn for <dmarc@ietfa.amsl.com>; Mon, 20 Jul 2020 01:59:50 -0700 (PDT)
Received: from mail.wordtothewise.com (mail.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id 715DA3A09DA for <dmarc@ietf.org>; Mon, 20 Jul 2020 01:59:42 -0700 (PDT)
Received: from [192.168.0.227] (unknown [37.228.245.144]) by mail.wordtothewise.com (Postfix) with ESMTPSA id F1D739F149; Mon, 20 Jul 2020 01:59:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1595235581; bh=iXG760UfwcuO7U/ZwBiZCiZTyzCMbDNYOEUeQZ9evIs=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=XNPl/DBwSqiF6D6hhULfqzATKdzssZPHJV4gUEKsjMiAw72EpUKvuVFg16/Vhtc9g 7G83V96UmSGwQtLOikiBDxIrhjEj9vDzgE5jGoXqWSnpXDUkNhiO1/B+bNI/nNLONY gS/A7/L93+HFDZ+fjyqdLJ3ERk71pBopE1GKZsvk=
From: Laura Atkins <laura@wordtothewise.com>
Message-Id: <5AF00366-DB28-41CB-A1C4-F5BCA77EC969@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2273948B-C3BB-4551-875E-6FC5B9AC8CFF"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Mon, 20 Jul 2020 09:59:38 +0100
In-Reply-To: <CAL0qLwYgs7py1aTQ87pykNT_0dpnrKz=+1DxMMSQMgbwz4XZDg@mail.gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <8efcf71c-f841-46a4-10b7-feb41a741405@gmail.com> <CAL0qLwbK7GQXkiS+H8GtsvHMzWr4o431Shc7Cc9MhqsTiHfzFw@mail.gmail.com> <bc7ed18c-8f1d-b41b-0a4b-3aa180a63563@gmail.com> <CAL0qLwYgs7py1aTQ87pykNT_0dpnrKz=+1DxMMSQMgbwz4XZDg@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/RLQWwtLUntCBOTDH2f26l9nAxVg>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2020 08:59:58 -0000

> On 19 Jul 2020, at 19:08, Murray S. Kucherawy <superuser@gmail.com> wrote:

>>    I'm less convinced by the notion that all of the RFC5322.From is disregarded by the preponderance of users when deciding what level of trust to put in the message's content. That suggests we blindly open and read absolutely everything, and I suspect that isn't the case.
> 1. That's not what it suggests, at all
> 
> Then I don't know what else you might mean by "end users do not reliably make trust decisions based on /any/ of the information in the rfc5322.From field".  What other data exist upon which to make trust decisions in the display of a mailbox?

There was a research project done by an inbox provider and a major supporter of DMARC presented at a MAAWG meeting a few years ago. They tried adding trust indicators to the message list but found no statistically significant behavioral changes by users. Given the conference policies, I hesitate to mention it here, but there is research. There’s also a conference paper I found, done by a computer science research team at VA Tech that looked at this as well. 

This question is actively being studied and there is research out there. We don’t need to speculate or bring in individual opinions, we can look at the different studies folks have done. 
> 2. No doubt there is a better way to put this, but I'm not thinking of it, and this isn't just my second thought on the challenge, but quite a bit more than that:  This demonstrates why the IETF is a very poor venue for conducting human factors discussions.
> 
> No argument here. 
> Again: There is quite a bit of experience demonstrating that providing trust indicators to end users does not produce reliable -- ie, useful -- decision-making by end users.
> 
> We appear to be talking past each other.  I wasn't talking about trust indicators, but rather whether the RFC5322.From domain is visible..  I don't have any reason yet to think trust indicators are effective.

Most clients these days seem to be hiding the RFC5322.From domain from the individual end users. Mail.app on OSX does unless you change that setting specifically (and it seems every few upgrades they reset the setting and then hide the checkbox again). The iOS mail app doesn’t even have a setting to change that I’ve been able to find. I seem to remember the last time I set up a mailbox on Thunderbird (pre-2016 election as I was tracking some candidate mail) they also hid the 5322.From address. 

There was another comment elsewhere about why not change the 5322.from address if it’s not visible to the enduser, and there are 2 reasons I have for that: The ability to search for mail from a particular author and the ability to block mail from a particular author. Rewriting the From: address always breaks the first. Some mailing lists point the Reply-To: to the original author which means some kinds of filtering can trigger off that. Other mailing lists point Reply-To: to the list address, which breaks the second. Both things are important to mailing list usability.

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
laura@wordtothewise.com
(650) 437-0741		

Email Delivery Blog: https://wordtothewise.com/blog