ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] on the suitability of the From header field

2005-08-16 13:53:36
from [Keith Moore] [Permanent Link] 
At 16:28 13-08-2005, domainkeys-feedbackbase02(_at_)yahoo(_dot_)com wrote:

Sure. But do end-users want to, and should they have to?


That's a good question.


Just because a rickety old standard technically makes it possible to
distinguish between a confusion of originating, authoring, authorizing,
resending and non-delivery report addresses, does not imply that it should  
be
imposed on the billion or so end-users who have little choice but to use that
standard.


The standard makes the distinction between all these addresses but at 
the end of the day, the end-user is only interested in from whom this email 
is.


That's an overgeneralization, for multiple reasons:

- One is that it lumps all users into one big bucket, when in reality
the needs of a billion or so users are extremely diverse.

- Another is that it lumps all situations into one big bucket.  _Most_
of the time, _most_ end users are only interested in who sent the email,
and they don't need to stop to think about the difference between who
wrote the email, who signed the email, who the email purports to have
been written by, who initially sent the email, and who sent the email
to the recipient.   But on rare occasions those distinctions will be
important for almost anyone, and most users are capable of
understanding the differences. Also, user experiences have been
conditioned by existing MUAs that don't make these distinctions clear.
[*] That doesn't mean that users won't learn to understand the
differences when MUAs start making the distinctions clearer.

One real trick, I think, will be to design user interfaces that display
each case (and there are lots of cases) with the appropriate level of
attention-getting.   Another real trick will be to provide enough
information in a message so that filters can discard or bounce some
subset of clearly bogus messages with a zero false positive rate -- or
at least, to discard or bounce messages only when they are actually
bogus or there's an upstream protocol error that is reported to the
appropriate party.  

Keith

[*] Also, in hindsight, "From" was probably a poor choice for the field
name, because "From" is more likely to be associated with the act of
submitting a message than with the act of authoring the content of a
message, even though it actually refers to the latter. 
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore
Next by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock
Previous by Thread:  Re: [ietf-dkim] on the suitability of the From header field, SM
Next by Thread:  Re: [ietf-dkim] on the suitability of the From header field, Earl Hood
Indexes:  [Date] [Thread] [Top] [All Lists]