IETF Logo Mail Archive

Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field

ned+dmarc@mrochek.com Sat, 26 September 2020 22:32 UTC

Return-Path: <ned+dmarc@mrochek.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9B333A0CCA for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 15:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p4juPkXTx8s2 for <dmarc@ietfa.amsl.com>; Sat, 26 Sep 2020 15:32:08 -0700 (PDT)
Received: from plum.mrochek.com (plum.mrochek.com [172.95.64.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72E103A0CC8 for <dmarc@ietf.org>; Sat, 26 Sep 2020 15:32:08 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RQ3SHC1FFK00ATAK@mauve.mrochek.com> for dmarc@ietf.org; Sat, 26 Sep 2020 15:27:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1601159226; bh=/q53+VlZ81J1Msou6TS2KF6Rf0Y/kn1ZcmwRusZ7uLg=; h=From:Cc:Date:Subject:In-reply-to:References:To:From; b=V/bArppl2/pkOUC/pcZODsmInejZsgEbqH6DomXiPWCgfoNG0qWNvHmAaBuC0DH/S fc3ONR6V79YtCMPwDL2r2rwVDItvyM77L7ouzNo0GRn2wdsApCLuzAHfVHgAxhHL/F 5vANJpoRLVBUKUcUbRVgcGJWj9Lb6lGmVsGtva0w=
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: TEXT/PLAIN; charset="utf-8"; format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RQ0J6W8U3K005PTU@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for dmarc@ietf.org; Sat, 26 Sep 2020 15:27:03 -0700 (PDT)
From: ned+dmarc@mrochek.com
Cc: Scott Kitterman <sklist@kitterman.com>, IETF DMARC WG <dmarc@ietf.org>
Message-id: <01RQ3SHAANYW005PTU@mauve.mrochek.com>
Date: Sat, 26 Sep 2020 15:21:00 -0700
In-reply-to: "Your message dated Fri, 25 Sep 2020 20:03:51 -0700" <aa8eb7e5-e16f-e99d-2164-5654ed0024dd@dcrocker.net>
References: <20200815225306.967CC1E9E41D@ary.local> <6089649.VB6F1bvo3X@zini-1880> <159dc0da-0f34-fa71-e20f-89135f14182e@dcrocker.net> <6484002.GchzCIbhPQ@zini-1880> <aa8eb7e5-e16f-e99d-2164-5654ed0024dd@dcrocker.net>
To: Dave Crocker <dhc@dcrocker.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/cqFmJwze3nZK2nqzFMUlKg_l1lo>
Subject: Re: [dmarc-ietf] Call for Adoption: DMARC Use of the RFC5322.Sender Header Field
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2020 22:32:10 -0000

> ...

> Well, ok, here's one that shows lack of efficacy, and it's a big one: 
> EV-certs

> /Google to bury indicator for Extended Validation certs in Chrome
> because users barely took notice/

> https://www.theregister.com/2019/08/12/google_chrome_extended_validation_certificates/

> "The reason is simple. "Through our own research as well as a survey of
> prior academic work, the Chrome Security UX team has determined that the
> EV UI does not protect users as intended... users do not appear to make
> secure choice..."

To be fair, this is looking at positive security indicators, not negative
ones. But there are plenty of other studies looking at the more general
case. Here's one that seems relevant to DMARC:

   Do Security Toolbars Actually Prevent Phishing Attacks?
   https://dl.acm.org/doi/pdf/10.1145/1124772.1124863

   Abstract:

   Security toolbars in a web browser show security-related
   information about a website to help users detect phishing
   attacks. Because the toolbars are designed for humans to
   use, they should be evaluated for usability - that is, whether
   these toolbars really prevent users from being tricked into
   providing personal information. We conducted two user
   studies of three security toolbars and other browser security
   indicators and found them all ineffective at preventing
   phishing attacks. Even though subjects were asked to pay
   attention to the toolbar, many failed to look at it; others
   disregarded or explained away the toolbars' warnings if the
   content of web pages looked legitimate. We found that
   many subjects do not understand phishing attacks or realize
   how sophisticated such attacks can be. 

				Ned

v2.23.0 | Report a Bug | By Email