On 6/29/2020 9:01 AM, Doug Foster wrote:
Very creative suggestion. We need some new ideas.
However, I just checked my MUAs. All of them assume that "To" is
unimportant, so it is not displayed in the message list. "To" only appears
in the message view (including the Preview pane). Without more
visibility, it probably does not sufficiently solve the user interface need.
Which also suggests why I have not seen spammers try to manipulate that
field.
I have designed all my MUAs and I presumed all the 3rd party MUAs do
something similar with a "Message List" view (MLV).
Imeo, this would be one part of a "Recommended MUA Guide" to help
maximize user viewing security.
First, we have a limited space in what columns to show in a MLV. In
TUI (Text User Interface) display, you can correctly assume it will at
least 80 columns and optionally offer extended 132 columns is
supported by the terminal. With GUI, there is more flexibility.
Second, it is not that "To: is unimportant, the mail is mostly likely
targeted directly to you or to All for groupware environments, i.e. a
mailing list, NNTP newsgroups, local public or private
conferences/fora. The designer(s) can choose not to include a "To:"
column, or decide it is off by default. For GUI, the better ones will
offer a right click of the MLV table header or via some View Option to
manage the viewable MLV columns.
Third, our MUA, among others, offer this MLV as a quick way to tag
multiple messages to mark/unmark as read, delete, move, etc, and also
sort by column field(s).
Forth, our MUA, among others, also shows a Thread view which is
"Tree-View" display generated as a function of the Message-ID and
References: fields.
There are other display views for a MLV, for example, our MUA offers a
TOPIC view which is basically a thread view linked by the subject and
date fields or a flat table view with sorted subject/date columns. It
helps with the problem where a segment of a thread view is broken by a
"reply" not having a references id.
This illustrate the multiple TUI/GUI design considerations, allow me
to summaries what I have to deal with:
For a TUI view, the MLV is showing:
{Mail.Number}
{Mail.From}
{Mail.To}
{Mail.Subject}
and just to show you how limitations under 80 columns and 25 rows
standard terminal display:
Conference 0 - E-Mail (Internet & Local)
[ 1] Msg:63210 Fm:ANTONIO RICO To:HECTOR SANTOS Sb:github wcsdk
[ 2] Msg:49893 Fm:[email protected] To:HECTOR SANTOS Sb:BB&T SECURITY
SERVICES
[ 3] Msg:49894 Fm:list-wildcat-be To:HECTOR SANTOS Sb:Re:
[list-wildcat-beta]
[ 4] Msg:49895 Fm:CNNEarningEdito To:HECTOR SANTOS Sb:Double Your
Income... I
[ 5] Msg:49896 Fm:list-wildcat-be To:HECTOR SANTOS Sb:Re:
[list-wildcat-beta]
[ 6] Msg:49897 Fm:list-wildcat-be To:HECTOR SANTOS Sb:RE:
[list-wildcat-beta]
[ 7] Msg:49898 Fm:list-wildcat-be To:HECTOR SANTOS
Sb:[list-wildcat-beta] RE:
[ 8] Msg:49899 Fm:list-wildcat-be To:HECTOR SANTOS Sb:RE:
[list-wildcat-beta]
[ 9] Msg:49900 Fm:ProjectMgmtTrai To:HECTOR SANTOS Sb:Project
Management Trai
[10] Msg:49901 Fm:list-wildcat-be To:HECTOR SANTOS Sb:Re:
[list-wildcat-beta]
[11] Msg:49902 Fm:Developers@wins To:HECTOR SANTOS Sb:[Developers] pxw
[12] Msg:49903 Fm:mrsshirlevine20 To:HECTOR SANTOS Sb:Donation of
Mrs. Shirle
[13] Msg:49904 Fm:mrsshirlevine20 To:HECTOR SANTOS Sb:Donation of
Mrs. Shirle
[14] Msg:49905 Fm:list-wildcat-be To:HECTOR SANTOS Sb:RE:
[list-wildcat-beta]
[15] Msg:49906 Fm:morris.cooper@l To:HECTOR SANTOS Sb:Indebted for
driving on
[16] Msg:49907 Fm:group.consultin To:HECTOR SANTOS Sb:MUTUAL OFFER
[17] Msg:49908 Fm:ad428352916@for To:HECTOR SANTOS Sb:Fwd: For Sale
by Owner
[18] Msg:49909 Fm:easyhrsoftware@ To:HECTOR SANTOS Sb:HR Software
[19] Msg:49910 Fm:[email protected] To:HECTOR SANTOS Sb:Canada Goose -
The Ulti
[20] Msg:49911 Fm:ad428352916@gin To:HECTOR SANTOS Sb:Reply: Plus
size fashio
[21] Msg:49912 Fm:incoming@interf To:HECTOR SANTOS Sb:You have new
fax, docum
[22] Msg:49913 Fm:FreedomGenerato To:HECTOR SANTOS Sb:Power
Companies Caught
[R]ead, [M]ark, [C]ontinue, [N]onstop, [Q]uit? [ ]
yes, mucho spam!
Wit limited screen dimensions, you end up with truncated field
displays. That was the original display we had for TUI. Based on our
discussions, I will pencil in a change consideration to not show the
To: which will extend the FM:. I could put the date here too. But
again, we are limited.
For a Native GUI View, it borrowed similar to Windows Explorer display
views. The default columns are:
{mail.subject}
{mail.From}
{mail.to}
{mail.date}
For the HTML GUI view, the backend renders the following default columns:
Msg#
Date:
From:<crlf>Subject:
To:
Replies (count)
So it is one 1 table row with a message item displayed like so:
+----------------------------------------------------------------+
|{mail.number}| {mail.from} | {mail.to} | {mail.References.count}|
| | {mail.subject} |
+----------------------------------------------------------------+
We also have dynamic popup box views as you hover over an line item.
Overall, at best, we COULD and probably SHOULD recommend what the
default columns SHOULD be from a "better" security standpoint but we
can not design the MUA UI for the MUA developers which may come in
different flavors, including TUI and today, "WUI" Watch User
Interface, etc. It is not something that can be mandated and in no way
should any protocol be depending on concepts that are generally an
open-ended. It SHOULD discuss it, so that MUA authors get advice, but
it will be a difficult attempt to mandate it.
--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
