On 12/2/2015 5:50 AM, Ted Lemon wrote:
Wednesday, Dec 2, 2015 3:56 AM Paul Smith wrote:
The thing is that whatever you do to email, the weak link is always the
human. Humans are the ones who respond to Nigerian princes, they're the
ones who think it's OK to send their bank password by email to anyone who
asks for it in an authoritative way, etc.
So, training HAS to be done, otherwise people will lose privacy.
Look, I'm really sorry to keep harping on this, because I know it's a bit off
topic and probably annoying, but your model of how to do security for end
users is simply wrong. The way you prevent people from getting scammed is
to by default not deliver email from people they don't know. I realize this
is anathema to a lot of email folks,
Absent hard data that shows efficacy, both of you are wrong.
At base, we don't know how to prevent folks from getting scammed, while
still allowing them to interact with the outside world.
Lots of people are sure they know the right answer here, but none of
them can document efficacy. Worse, most of the ways people cite have
already been demonstrated to be inadequate or unachievable.
So yeah, this line of discussion is entirely out of scope.
ietf-smtp mailing list