Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Alessandro Vesely <vesely@tana.it> Thu, 07 January 2021 10:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZhKw9kOIPOYRnoBt399QBAzaL4g>

On Wed 06/Jan/2021 00:55:41 +0100 Dave Crocker wrote:
> On 1/5/2021 3:50 PM, Michael Thomas wrote:
>>>
>> Quit cutting out needed context to make your points. The study directly 
>> contradicts your categorical statement.
> 
> Except that it doesn't.
> 
> Feel free to provide a serious explanation of why you think otherwise, but 
> please put some effort into accurately representing what I said or what the 
> study shows.  Attention to detail will help.  Conclusions are less important 
> than showing your work.


The report says:
     This returns the email-opening rate of 53.4% and 48.9%. Among these users,
     the corresponding click-through rates are 48.9% (without security
     indicator) and 37.2% (with security indicator) respectively. The
     results indicate that security indicators have a positive impact to reduce
     risky user actions.
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf


You said:
     My point is that we have decades of belief that it's useful but no
     demonstration that it actually is.  And we have history such as the EV
     effort, showing that it isn't.
https://mailarchive.ietf.org/arch/msg/dmarc/r7unHaCXKKFeotbjU1pL-Jx4f_o


Best
Ale
--