Re: [dmarc-ietf] Display address, was Mandatory Sender Authentication

[Alessandro Vesely <vesely@tana.it>]

On Tue 11/Jun/2019 19:28:58 +0200 Dave Crocker wrote:
> On 6/11/2019 8:12 AM, Alessandro Vesely wrote:
>> On Mon 10/Jun/2019 22:17:01 +0200 Dave Crocker wrote:
>>> On 6/10/2019 1:17 AM, Alessandro Vesely wrote:
>>>> On Sat 08/Jun/2019 18:49:03 +0200 Dave Crocker wrote:
>>>>
>>>>> Except that most users don't actually see that address because these days
>>>>> most MUAs only display the display address.
>>>>
>>>>
>>>> We often came across this realization.  Since DMARC hinges on that field, I
>>>> think the spec should include some advice to MUA implementation.
>>>
>>> Unfortunately there is no 'advice' to give that has any utility.
>>>
>>> If you feel otherwise, please try to formulate it, including the basis for
>>> believing it useful, and then try to get community support for it.
>>
>>
>> I'd propose bullets like the following for Section 12.4:
>>
>>      o  In the MUA, it is safe to only show the display name if its
> 
> Sorry, but I asked for evidence of utility.  My guess is that you are only
> thinking in terms of information theory, rather than human factors usability. 
> These produce very, very different results.
> 
> To my knowledge, there is no empirical evidence at all of what RFC5322.From
> display strings are safe or dangerous to show.


I relied on the exception raised in the first quote above.

Actually, the reason why DMARC requires alignment of SPF identifiers is because
"These may be different domains, and they are typically not visible to the end
user."[*]  If the RFC5322.From domain is also not visible to the end user, that
argument is moot.  Yes, that's just theory...


[*] Section 3.1.  Identifier Alignment


>>      o  The authentication status of the message should be visible.
> 
> Why?  What's your empirical evidence of utility for this?


Well, I personally use it and sometimes find it useful.[†]  For a better
statistics, I have a DKIM add-on whose purpose is just to display some
authentication status.  With 10,107 users, it ranks 61st of 1,339 in
Thunderbird's most popular extensions.


[†] I tag _nopass_ messages not matching /^Authentication-Results:.*pass/ and
color them gray in the thread pane.  Many of them can be deleted w/o opening.
(But then I have more pass'es than DMARC provides for.)


>> A user can then arrange her address book so as to make it clear to the MUA that
>> a class of email addresses are equivalent to one another, in order to avoid
>> meaningless alerts.
> 
> What makes you think users want to do this extra work or that they will.
> Evidence to date is that they don't and won't.


I imagined the MUA would prompt the user something like so:

     __________________________________________________
    |                                                  |
    |  "John" appears to be the same in                |
    |                                                  |
    |  <j.doe@example.com>, <johnny.b@goode.example>,  |
    |  and 23 other addresses.                         |
    |   _                                              |
    |  [_]  They're all the same person                |
    |  [_]  Always display the address of "John"       |
    |                                                  |
    |                                                  |
    |     [ FRAUD ]                     [  OK  ]       |
    |__________________________________________________|


The user can thus arrange the address book with two clicks.
Would that work?


Best
Ale
--