Re: [IETF] DMARC methods in mailman

Dave Crocker <dhc@dcrocker.net> Tue, 27 December 2016 18:47 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD23A129696 for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:47:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.792
X-Spam-Level:
X-Spam-Status: No, score=-1.792 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bICoAbX8dep2 for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:47:14 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03F7D1296B4 for <ietf@ietf.org>; Tue, 27 Dec 2016 10:47:14 -0800 (PST)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uBRImOmB000917 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 27 Dec 2016 10:48:25 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1482864505; bh=x5bthXfcCQbyKwDAZjir9WBuaaRpxytGQfshdTGYZCY=; h=Subject:To:References:Cc:Reply-To:From:Date:In-Reply-To:From; b=oH6Ue0/HBrmCMC8TL76+TwIhbt0+JatdxruOKJS5WBH05h4d+suVSiJ9L1otRkRCY iVa0Hk0TcS4kZmuHbVfRT4tI5zRvitQ/sxxJAXZc+BFSca257QjNuNDibqqKdCvQfH P2krSFDQLQLFmotYXYVABjaLiQlOWz+dIRomipUE=
Subject: Re: [IETF] DMARC methods in mailman
To: Christian Huitema <huitema@huitema.net>, "'John Levine'" <johnl@taugh.com>, ietf@ietf.org
References: <20161226205249.rneaenhh5c2dcpz4@thunk.org> <20161227013401.11378.qmail@ary.lan> <03e401d25fe5$5f32a5f0$1d97f1d0$@huitema.net> <6ec78001-e522-70cc-6592-0228492b8f74@dcrocker.net> <000201d26070$248a9030$6d9fb090$@huitema.net>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <49a2a831-a096-233a-3e48-0a87fa98e6ef@dcrocker.net>
Date: Tue, 27 Dec 2016 10:46:57 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <000201d26070$248a9030$6d9fb090$@huitema.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/rNJPnS_pePB28ICD-jcuEYL_XR8>
Cc: tytso@mit.edu
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 18:47:15 -0000

On 12/27/2016 10:36 AM, Christian Huitema wrote:
> On Tuesday, December 27, 2016 7:14 AM, Dave Crocker wrote:
>> On 12/26/2016 6:03 PM, Christian Huitema wrote:
>>> But your mail and many comments on this lists point to the huge
>>> responsibility of the MUA with respect to phishing. Phishing is
>>> about duping the user by displaying misleading information. The
>>> effective defenses have to rely on proper user interface design,
>>
>> Unfortunately, this is mostly /not/ true.
>>
>> The actual experience, both in field work and usability research,
>> is that UI design does not affect user processing of phishing very
>> much. Neither design nor user training have much effect.
>>
>> Hence most effective phishing protection is in the filtering
>> engine(s) below the UI.
>
> We actually agree. In my mind, I was not thinking of UI as the
> arrangement of displayed pixels, but rather the intelligent selection
> of which information to present and what interactions to design.
> Without this local intelligence, MUA are not likely to handle the
> example that Viktor gave, "Joe Banker <joe@bank.notbank.example>"e>".
> Among other examples. My point is that this intelligent filtering
> benefits from information about the user context, such as what bank
> the user normally deals with. That kind of information might be
> available in the user context, but is normally not available to the
> mail delivery system.


To that end, saying "MUA" might have some formal validity, but it does 
not help the discussion.  Too many readers think it refers to something 
having to do with end-user interaction.

Worse, Viktor's line of logic presumes the modified From field somehow 
gets the message past filters better, and that is just plain wrong.

The modifications to the From line are intended for end users, not 
filtering engines.

(Whether they are actually helpful for end-users is a different 
discussion.  cf, my previous note.  To my knowledge, there have been no 
studies to establish that the ad hoc modifications are at all useful.)

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net