On 6/2/2020 5:13 PM, Seth Blank wrote:
On Tue, Jun 2, 2020 at 4:02 PM Dave Crocker <[email protected]> wrote:

    On 6/2/2020 3:53 PM, Seth Blank wrote:
    > The point I was trying to make is that consumers are susceptible to
    > fraud,

    Of course they are.  Unfortunately, that point is irrelevant, because it
    isn't the question at hand.


Dave, this is exactly the point where I think we're on different pages. The From: domain matters because its contents affect user behavior.

Apparently I wasn't simple enough, so let's reduce this to the absurd reality that typically applies:

     If a user doesn't see it, how can it affect their behavior?


Alignment matters, because it ensures that the domain which is authenticated matches what the user sees in the inbox (because, rightly or wrongly, inboxes show the contents of the From: header field).

Except that most users don't see the From: domain name.


When this match fails, a message can be rejected before it's ever in front of a user and capable of causing confusion or fraud.

Exactly.  What matters is that unalignment is presumed to demonstrate bad faith by the originator.  THAT is what is significant.  And it's significant to the filtering engine, not the recipient user.



The point is NOT to change user behavior due to what is presented in the From:, it is to prevent manipulation of user behavior by only allowing From: domains to be displayed if they have been authenticated.

Yeah, but that's quite different from saying that a user who sees a bad from: field is manipulated.



Your argument seems to be that you don't believe that spoofing the From: domain leads to user impact, or am I completely misunderstanding you?

Where is the clear and credible research data that says that a bad From: field domain name specifically tricks end users?

d/


--

Dave Crocker
Brandenburg InternetWorking
bbiw.net
