RE: [IETF] DMARC methods in mailman

"Christian Huitema" <> Tue, 27 December 2016 18:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B1607129679 for <>; Tue, 27 Dec 2016 10:36:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id l7yeJud2OFJ3 for <>; Tue, 27 Dec 2016 10:36:44 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 767EB129ACB for <>; Tue, 27 Dec 2016 10:36:38 -0800 (PST)
Received: from ([]) by with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <>) id 1cLwbz-0006ju-Kv for; Tue, 27 Dec 2016 19:36:36 +0100
Received: from [] ( by with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <>) id 1cLwbx-0004tM-2W for; Tue, 27 Dec 2016 13:36:33 -0500
Received: (qmail 22332 invoked from network); 27 Dec 2016 18:36:32 -0000
Received: from unknown (HELO icebox) ([]) (envelope-sender <>) by (qmail-ldap-1.03) with ESMTPA for <>; 27 Dec 2016 18:36:31 -0000
From: "Christian Huitema" <>
To: <>, "'John Levine'" <>, <>
References: <> <20161227013401.11378.qmail@ary.lan> <03e401d25fe5$5f32a5f0$1d97f1d0$> <>
In-Reply-To: <>
Date: Tue, 27 Dec 2016 10:36:28 -0800
Message-ID: <000201d26070$248a9030$6d9fb090$>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGYvTf4+z0YF/rTLd4JyDFrBV1vBAH5IvjfAb7DBXEB5qzWgaFibvZg
Content-Language: en-us
Subject: RE: [IETF] DMARC methods in mailman
Authentication-Results:; auth=pass smtp.auth=
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.31)
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlVTHAar8Je/lORhy3PZJU8LERWeKKG4PAQY Nyavp7c49LCP7NcwZmTrFhTWonoFoqtTugiLDom8V25hond3K4RsO76XSTAwtV4mg4i2ouCDa4AU hvIWAV5xUW/+gAh4vXpZar5ki46h4yhRoP6jUiq4RcOb18WfxGyg6Om6u4YYm90YuWX+3asiMOH0 wqwGMPI5hjoyEb9Oq0NWpyO3vrfYoocEfHwV+0ePfQGXOSgIJz3dKxLhoxcmaInYbR5vlqGudzLe k2TYFBStSOMccbr5Uz0sPgnpAk2KA2vJwMd1uWhCmLzOxTAcQmFWVARhgNqBNFD3an3wiMp49rVr ybSB9a2LHJVD1n7GG0fP4s+aIhQRCdMNhge1Unb77YyuZq4LHhXxYa45meVHZZL/VetuRBdQ80wr wyng3wNtDYr6IWSdEOMftBjsWb6BDQzjSsEw7+KMtoemwN8keIAcPKMBBQ67muZNm3G2c8/Pjjqy k0k0bdVHmDm5y9NcoZdM30MpNkbYYJ8YZ7d5zi74j6F/edseI+0iffshWIcU02XSgP6DwZpjxPTx I2S/vwoydU3rc+Iv2rc9L0aEB794CHU7QkUmTDfMv/tVj9RPDK26f3u07h1Ar0asfEVCjJZw/E01 aDvSI66S1J0VQ44N+76FK8eKCjMwAtVOhBhVmKM7NamxVEE6gtF+B/lEIPzms74rHdmmurdkSlp8 bL7MuNSeJ6fVbIdD0RyyBL+RsQXLIsIclqURQOfTUwDe+Ri01fK//LgD8r/EmKnkLuRbKmSGYyUP r23raOD+k0BwTaZR7fY4ocfmWv3Fe9Iziczdq+A=
X-Recommended-Action: accept
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 27 Dec 2016 18:36:45 -0000

On Tuesday, December 27, 2016 7:14 AM, Dave Crocker wrote:
> On 12/26/2016 6:03 PM, Christian Huitema wrote:
>> But your mail and many comments on this lists point to the huge responsibility of the MUA with respect to phishing. Phishing is about duping the user by displaying misleading information. The effective defenses have to rely on proper user interface design,
> Unfortunately, this is mostly /not/ true.
> The actual experience, both in field work and usability research, is 
> that UI design does not affect user processing of phishing very much. 
> Neither design nor user training have much effect.
> Hence most effective phishing protection is in the filtering engine(s) 
> below the UI.

We actually agree. In my mind, I was not thinking of UI as the arrangement of displayed pixels, but rather the intelligent selection of which information to present and what interactions to design. Without this local intelligence, MUA are not likely to handle the example that Viktor gave, "Joe Banker <joe@bank.notbank.example>"e>". Among other examples. My point is that this intelligent filtering benefits from information about the user context, such as what bank the user normally deals with. That kind of information might be available in the user context, but is normally not available to the mail delivery system.

-- Christian Huitema