Re: dmarc damage, was gmail users read on... [bozo subtopic]
Dave Crocker <dhc@dcrocker.net> Sun, 14 September 2014 19:32 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D034B1A01A8 for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 12:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7-b_MiLylMr for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 12:32:43 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11D8F1A01A5 for <ietf@ietf.org>; Sun, 14 Sep 2014 12:32:43 -0700 (PDT)
Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s8EJWdhw030516 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <ietf@ietf.org>; Sun, 14 Sep 2014 12:32:42 -0700
Message-ID: <5415EC8B.2030807@dcrocker.net>
Date: Sun, 14 Sep 2014 12:29:15 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
References: <20140913191426.3310.qmail@joyce.lan> <832617A8DFA9BF93CBDA3D97@JcK-HP8200.jck.com>
In-Reply-To: <832617A8DFA9BF93CBDA3D97@JcK-HP8200.jck.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Sun, 14 Sep 2014 12:32:42 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/AJBJbcB1RTK1oUe1QpxzpLHzlOQ
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2014 19:32:45 -0000
On 9/13/2014 1:09 PM, John C Klensin wrote: >> For that second one, remember that a lot of MUAs only show the >> > comment on the From: line, not the address. > I've often wondered how many successful phishing attacks we > could stop by issuing a "best practices" statement pointing out > the risks and difficulties associated with that > address-suppression practice. Like most user interface ideas, it's an entirely reasonable line of inquiry. However based on the experience of 'usable security' folks, there's also quite a bit of evidence that it would make no meaningful difference. The best model to invoke, with respect to the idea of recruiting end users to be active participants in abuse detection or prevention is mostly: Don't. That's a reality that tends to be rejected or ignored around the IETF, so it would be quite nice to see proposals offer an empirical basis for expecting efficacy. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- gmail users read on... Brian E Carpenter
- Re: gmail users read on... Rich Kulawiec
- Re: gmail users read on... Andrew G. Malis
- Re: gmail users read on... Ross Finlayson
- Re: gmail users read on... Michael Richardson
- Re: gmail users read on... Mary Barnes
- RE: gmail users read on... l.wood
- Re: gmail users read on... Ross Finlayson
- Re: gmail users read on... Ted Faber
- Re: gmail users read on... Tim Bray
- Re: gmail users read on... TJ
- Re: gmail users read on... Ross Finlayson
- Re: gmail users read on... Riccardo Bernardini
- Re: gmail users read on... Paul Hoffman
- Re: gmail users read on... TJ
- Re: gmail users read on... Ted Faber
- Re: gmail users read on... joel jaeggli
- Re: gmail users read on... Phillip Hallam-Baker
- Re: gmail users read on... [technical subtopic] Brian E Carpenter
- Re: gmail users read on... [bozo subtopic] Brian E Carpenter
- Re: gmail users read on... [bozo subtopic] Andrew G. Malis
- Re: gmail users read on... [bozo subtopic] Hector Santos
- Re: gmail users read on... [bozo subtopic] Antonio Prado
- Re: gmail users read on... [bozo subtopic] Joe Abley
- Re: gmail users read on... [bozo subtopic] Doug Barton
- Re: dmarc damage, was gmail users read on... [boz… John Levine
- Re: dmarc damage, was gmail users read on... [boz… John C Klensin
- Re: dmarc damage, was gmail users read on... [boz… Doug Barton
- Re: dmarc damage, was gmail users read on... [boz… Doug Barton
- Re: dmarc damage, was gmail users read on... [boz… John Levine
- Re: dmarc damage, was gmail users read on... [boz… John C Klensin
- Re: dmarc damage, was gmail users read on... [boz… Nico Williams
- RE: dmarc damage, was gmail users read on... [boz… Christian Huitema
- Re: dmarc damage, was gmail users read on... [boz… George Michaelson
- Re: dmarc damage, was gmail users read on... [boz… John Levine
- Re: dmarc damage, was gmail users read on... [boz… Miles Fidelman
- Re: dmarc damage, was gmail users read on... [boz… Dave Crocker
- Re: dmarc damage, was gmail users read on... [boz… Theodore Ts'o
- Re: dmarc damage, was gmail users read on... [boz… Donald Eastlake
- Re: dmarc damage, was gmail users read on... [boz… Viktor Dukhovni
- RE: dmarc damage, was gmail users read on... [boz… MH Michael Hammer (5304)
- Re: dmarc damage, was gmail users read on... [boz… Wei Chuang
- Re: dmarc damage, was gmail users read on... [boz… Doug Barton
- Re: dmarc damage, was gmail users read on... [boz… Dave Crocker
- RE: dmarc damage, was gmail users read on... [boz… MH Michael Hammer (5304)
- Re: dmarc damage, was gmail users read on... [boz… Doug Barton
- Re: dmarc damage, was gmail users read on... [boz… Nico Williams
- Re: dmarc damage, was gmail users read on... [boz… Murray S. Kucherawy
- Re: dmarc damage, was gmail users read on... [boz… Murray S. Kucherawy
- Re: dmarc damage, was gmail users read on... [boz… Murray S. Kucherawy
- Re: dmarc damage, was gmail users read on... [boz… Sabahattin Gucukoglu
- Re: dmarc damage, was gmail users read on... [boz… John Levine
- Re: dmarc damage, was gmail users read on... [boz… John C Klensin
- Re: dmarc damage, was gmail users read on... [boz… Wei Chuang
- Re: dmarc damage, was gmail users read on... [boz… Wei Chuang
- Re: gmail users read on... Hector Santos
- Re: dmarc damage, was gmail users read on... [boz… Hector Santos
- Re: dmarc damage, was gmail users read on... [boz… Scott Kitterman
- Re: dmarc damage, was gmail users read on... [boz… Hector Santos
- Re: dmarc damage, was gmail users read on... [boz… Hector Santos
- Re: dmarc damage, was gmail users read on... [boz… Hector Santos
- Re: dmarc damage, was gmail users read on... [boz… Dave Crocker
- Re: gmail users read on... George Michaelson
- Re: dmarc damage, was gmail users read on... [boz… David Morris
- Re: dmarc damage, was gmail users read on... [boz… John Levine
- Re: dmarc damage, was gmail users read on... [boz… Rich Kulawiec
- Re: dmarc damage, was gmail users read on... [boz… Rich Kulawiec