On Mon, Jun 8, 2020, at 2:03 AM, Douglas E. Foster wrote: > Stan Kalisch asks: And you propose the average user can understand, much less > take the time to understand, the substance? > > Yes. I believe users are worried about spam, and want to make intelligent > decisions about whether or not email can be trusted. Unfortunately, our > present software denies them access to the available information needed to > make intelligent decisions.
See, I believe they want to, too, but, anecdotally, I can think of a number of intelligent people I can't explain DMARC to in a substantive manner in a short period of time. And the research bears these kinds of anecdotes out. What I've tried to establish here is that you really have to take the initiative if you want to come up with a system that can present the kind of data you want presented to the users. You're missing the point that a number of people with a great deal of experience have tried, and think it's either impossible or very unlikely. So simply asking the community to come up with a solution won't be enough, because the community has labored to find a solution for a very long time. A good place for you to begin would probably be this paper: http://www.usablesecurity.org/emperor/ Stan > > Dave Crocker observes: There is no basis for believing that requests about > MUA display will achieve meaningful support on the receive side, nevermind > whether they would be at all useful. > > I was not talking about the sender. I was talking entirely about the > receiving organization: its spam filter communicating to its MUA to > communicate information to the end user based on its local policy. > > Dave Crocker also observes about end-user signaling failures: It's not that > it 'seems to be'. It isn't nearly that soft. It is that there have been > multiple efforts over the years and none has demonstrated efficacy. > > Then lets restate that assertion in all its ugly elitism, and put it into an > RFC: > > Incontrovertible research shows that humans will always act on malicious > email, and cannot be taught to do otherwise. Organizations should deploy > email if and only if they have automated tools which provide perfect > protection from unwanted email. End user training is useless. > > I have a higher opinion about my users than that. > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
