IETF Logo Mail Archive

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Laura Atkins <laura@wordtothewise.com> Tue, 21 July 2020 07:59 UTC

Return-Path: <laura@wordtothewise.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882C13A14C0 for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 00:59:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aiIyw5D5XmAh for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 00:59:48 -0700 (PDT)
Received: from mail.wordtothewise.com (mail.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id A5BF83A14BF for <dmarc@ietf.org>; Tue, 21 Jul 2020 00:59:48 -0700 (PDT)
Received: from [192.168.0.227] (unknown [37.228.245.144]) by mail.wordtothewise.com (Postfix) with ESMTPSA id 752279F149 for <dmarc@ietf.org>; Tue, 21 Jul 2020 00:59:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1595318388; bh=P9xHGagGDNY8me9IVtC9iB4XLkaq9/l8NcufI2TMA3I=; h=From:Subject:Date:References:To:In-Reply-To:From; b=BOA50ZQFG6+adNik1WY6XU5L4P4ryBmMBITY9RFNhVL3spwek83OasFdjSJQJZpiX Yy6V3Ep1Bcchkvr4wbVcVGmo4dXmInXwnqE1PQEzrtW8XCer+wYcZ2ZphF+VmrY+Xk U6cp+CuesbGZ0+VPUDwWsIgtqgULbB76ceZtxfIY=
From: Laura Atkins <laura@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0043228A-A02C-4EBE-9C46-4F2AC0292BA0"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Tue, 21 Jul 2020 08:59:46 +0100
References: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <8efcf71c-f841-46a4-10b7-feb41a741405@gmail.com> <CAL0qLwbK7GQXkiS+H8GtsvHMzWr4o431Shc7Cc9MhqsTiHfzFw@mail.gmail.com> <bc7ed18c-8f1d-b41b-0a4b-3aa180a63563@gmail.com> <CAL0qLwYgs7py1aTQ87pykNT_0dpnrKz=+1DxMMSQMgbwz4XZDg@mail.gmail.com> <5AF00366-DB28-41CB-A1C4-F5BCA77EC969@wordtothewise.com> <CABa8R6vm39JLWGkah7kLzmdkh24jdV1eUNGQdJOdcac=Pi0xNA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
In-Reply-To: <CABa8R6vm39JLWGkah7kLzmdkh24jdV1eUNGQdJOdcac=Pi0xNA@mail.gmail.com>
Message-Id: <42D76A26-D947-4759-AF2C-8857568D3497@wordtothewise.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vMWlkl5a4L76h1vrj8UBhMejD1g>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 07:59:51 -0000


> On 21 Jul 2020, at 00:20, Brandon Long <blong=40google.com@dmarc.ietf.org> wrote:
> 
> 
> 
> On Mon, Jul 20, 2020 at 2:00 AM Laura Atkins <laura@wordtothewise.com <mailto:laura@wordtothewise.com>> wrote:
> 
>> On 19 Jul 2020, at 19:08, Murray S. Kucherawy <superuser@gmail.com <mailto:superuser@gmail.com>> wrote:
> 
>>>    I'm less convinced by the notion that all of the RFC5322.From is disregarded by the preponderance of users when deciding what level of trust to put in the message's content. That suggests we blindly open and read absolutely everything, and I suspect that isn't the case.
>> 1. That's not what it suggests, at all
>> 
>> Then I don't know what else you might mean by "end users do not reliably make trust decisions based on /any/ of the information in the rfc5322.From field".  What other data exist upon which to make trust decisions in the display of a mailbox?
> 
> There was a research project done by an inbox provider and a major supporter of DMARC presented at a MAAWG meeting a few years ago. They tried adding trust indicators to the message list but found no statistically significant behavioral changes by users. Given the conference policies, I hesitate to mention it here, but there is research. There’s also a conference paper I found, done by a computer science research team at VA Tech that looked at this as well. 
> 
> Was it us?  If so, I can push on folks to find and make it releasable, but I don't recall that we had such a presentation but I've also been out of the loop for a while and wasn't there are
> the beginning of DMARC either.  Ie, I know the ecert goldkey stuff failed on this, but don't think I ever saw the data.

Wasn’t Google (which doesn’t mean Google hasn’t done similar work. Following up offlist. 

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
laura@wordtothewise.com
(650) 437-0741		

Email Delivery Blog: https://wordtothewise.com/blog

v2.23.0 | Report a Bug | By Email