IETF Logo Mail Archive

Re: [dmarc-ietf] Why are MUAs hiding or removing the From address?

Brandon Long <blong@google.com> Tue, 21 July 2020 17:28 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41BBC3A0C80 for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 10:28:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OiiMONQqCbsp for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 10:28:25 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B175E3A0C7F for <dmarc@ietf.org>; Tue, 21 Jul 2020 10:28:25 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id j186so10815308vsd.10 for <dmarc@ietf.org>; Tue, 21 Jul 2020 10:28:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6him4gJlv2rtdoZbBFfHK52X9FxbMmlhAgQJuUVWpFA=; b=MRvnwYF3FFRIM5cAlhjRR4qKUuKTZM0uRhv2l7K5cbF7SrjVeppdqzLEKdOJTDp2Yh NfMepk2EGaiElx1VXENsUTasssM5Tu/VS/+f5zn8A1OKjTQIbtf2SXJwy/ENe+Ia7Iqf vQ8CHGDefTnA1BYgm84wVB5cyq8XYU9IQ34O1J2Ff0V2R8hHk3CqNblUkcXKUOWl7s2W Ft0hEAxuXdFjosh+rZ9iDmxG1n1MNB/gLm37wrfMKR+V5Gul5jllv5l3JkTzAPiktqXW qiRiUqGfm4blwfO4Nmmj9aOASKHJIL5sRZlxTpiayzQnnu20oq/y+HonoVXVY8W6ZTcA 4swg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6him4gJlv2rtdoZbBFfHK52X9FxbMmlhAgQJuUVWpFA=; b=kBATYtzP6ujaoS1M9QFTZixiCChq2WE4LIkvnxH5LY3PvNf9WGk0GYpyGqhoisz9WD OGNQ3tMN9XujmahfJ8KYoZkelw581R6+20DT3KY3uGVFuqh3cOT1Z0wO4v/ySoutAtet /LB9dOSLPwODgsJyuFgubeGQrll8JkRSv+5I6BJ5ROfJqI/61LxK6EIUr67OuLzqkbvT 4EG76H159Dp9JTk/ylNPndpW3xliCUMTUUrsSHYQm0UwbEn4CCTmvSksKPd5T/+k90X6 o8OPz3ClFgMI0TRZrpKO4kpVp+uxHWDODc0YSWFW5w55kYGEKRjVHnZ5bL2Z9wsDIpYq wKzA==
X-Gm-Message-State: AOAM530clI5G20ZQ33P+v3wpX/a9/jqxPd+6PiR8MTzO7AiKcI4Ckw4H SDY4KfN+ISIkHMODFokIowNoRNaVCml+4FJkIJMD
X-Google-Smtp-Source: ABdhPJz5+kLCkkZXaXATfs58M971IdzBHz7EyAkAJ4C+zbVFiDAlgwnRuHWdxvTZbD+ITaWTI6USbjOkiGpuu4J+OXM=
X-Received: by 2002:a05:6102:1002:: with SMTP id q2mr21673553vsp.238.1595352504492; Tue, 21 Jul 2020 10:28:24 -0700 (PDT)
MIME-Version: 1.0
References: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <8efcf71c-f841-46a4-10b7-feb41a741405@gmail.com> <CAL0qLwbK7GQXkiS+H8GtsvHMzWr4o431Shc7Cc9MhqsTiHfzFw@mail.gmail.com> <bc7ed18c-8f1d-b41b-0a4b-3aa180a63563@gmail.com> <CAL0qLwYgs7py1aTQ87pykNT_0dpnrKz=+1DxMMSQMgbwz4XZDg@mail.gmail.com> <5AF00366-DB28-41CB-A1C4-F5BCA77EC969@wordtothewise.com> <CAL0qLwZRYb4yk_WJKizR0UA97XK3VedfZw73YgyTPHuOpxZQhQ@mail.gmail.com> <74a6fb5f7578452f9080cddb8ebbc8f5@bayviewphysicians.com>
In-Reply-To: <74a6fb5f7578452f9080cddb8ebbc8f5@bayviewphysicians.com>
From: Brandon Long <blong@google.com>
Date: Tue, 21 Jul 2020 10:28:12 -0700
Message-ID: <CABa8R6uLz6_rcGRXzoVM934HYAzNCdAG8txxkhBmYLPM25dffg@mail.gmail.com>
To: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, Laura Atkins <laura@wordtothewise.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000052cca705aaf6f36a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ucpkIIsg0nPPBcPCQD6sEeO5Vj0>
Subject: Re: [dmarc-ietf] Why are MUAs hiding or removing the From address?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 17:28:27 -0000

Do sms/mms programs show the phone number any more?  I think there's been a
deliberate strategy to make email clients more like
other messaging clients, and the technical parts like the actual address
are details that most of the time aren't useful to the user... when
they're not being spoofed, of course, or otherwise need to differentiate
between multiple addresses for the same person.

Brandon

On Tue, Jul 21, 2020 at 4:06 AM Douglas E. Foster <
fosterd@bayviewphysicians.com> wrote:

> I would like a better understanding of why MUAs are hiding or removing the
> FROM address.
>
> I have one mail store that formerly used hover-to-view, but recently
> changed to always-show.   This was done in response to a client request on
> their support forum.  I have never seen a user ask for the From address to
> be hidden or removed.  I wonder if this trend is driven only by attempts to
> optimize display space.   It would be a shame to weaken our protocols in
> response to this trend, if the trend lacks a theoretical foundation.
>
> I also wonder if the trust indicator research is being over-applied when
> it is applied to the From Address.    From Address is a unique identifier,
> while Friendly Name is not.   A trust indicator is like putting a green
> check mark next to the From Address as a trust indicator.   They have
> different levels of relevance.
>
> One attack method steals a contact list, then emails people in that
> contact list using friendly names of others in that list.   Hiding the From
> Address plays into that attack.
>
> This trust-indicator research also promotes despair.  The conclusion is
> that users process information poorly.   This result then becomes an excuse
> to withhold information from those users, or to allow misleading
> information to be presented to them.    I am not convinced that those are
> appropriate responses.   "Never" is a hard thing to prove.  So it is risky
> to say users "Never" use available information correctly, and "cannot be
> taught" to do better.
>
> Attack filtering is designed on a layered defense and a sequence of
> probabilities:
>
>    - What is the probability that this attack will get through my spam
>    filter?
>    - What is the probability that the user will read the message?
>    - What is the probability that the user will click on the hostile link?
>    - What is the probability that my web filter will allow access to the
>    hostile website?
>    - What is the probability that the web filter will allow the attack to
>    be downloaded?
>    - What is the probability that my antivirus program will allow the
>    attack to proceed?
>
> The goal is to decrease the probability of a wrong decision at each point
> in the process.   All I need is for some people to act smarter on some
> occasions in response to some available clue.   But this cannot happen if
> the clue is not provided..
>
> Doug Foster
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email