IETF Logo Mail Archive

Re: dmarc damage, was gmail users read on... [bozo subtopic]

Dave Crocker <dhc@dcrocker.net> Sun, 14 September 2014 19:32 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D034B1A01A8 for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 12:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7-b_MiLylMr for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 12:32:43 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11D8F1A01A5 for <ietf@ietf.org>; Sun, 14 Sep 2014 12:32:43 -0700 (PDT)
Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s8EJWdhw030516 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <ietf@ietf.org>; Sun, 14 Sep 2014 12:32:42 -0700
Message-ID: <5415EC8B.2030807@dcrocker.net>
Date: Sun, 14 Sep 2014 12:29:15 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
References: <20140913191426.3310.qmail@joyce.lan> <832617A8DFA9BF93CBDA3D97@JcK-HP8200.jck.com>
In-Reply-To: <832617A8DFA9BF93CBDA3D97@JcK-HP8200.jck.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Sun, 14 Sep 2014 12:32:42 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/AJBJbcB1RTK1oUe1QpxzpLHzlOQ
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2014 19:32:45 -0000

On 9/13/2014 1:09 PM, John C Klensin wrote:
>> For that second one, remember that a lot of MUAs only show the
>> > comment on the From: line, not the address.
> I've often wondered how many successful phishing attacks we
> could stop by issuing a "best practices" statement pointing out
> the risks and difficulties associated with that
> address-suppression practice.


Like most user interface ideas, it's an entirely reasonable line of
inquiry.

However based on the experience of 'usable security' folks, there's also
quite a bit of evidence that it would make no meaningful difference.

The best model to invoke, with respect to the idea of recruiting end
users to be active participants in abuse detection or prevention is
mostly:

  Don't.

That's a reality that tends to be rejected or ignored around the IETF,
so it would be quite nice to see proposals offer an empirical basis for
expecting efficacy.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email