On 10/22/2015 8:07 PM, Christian Huitema wrote:
On Thursday, October 22, 2015 12:41 PM, Brian E Carpenter wrote:
On 23/10/2015 02:57, Russ Housley wrote:
...
It seems to me that DMARC re-writing is a more important feature for this
community. I think we should drop support for the password messages and
move to a newer version. I'd like the tools team to check this out, and then
if the newer version will not introduce other surprises, move to the newer
version.
The primitive rewriting of the From is a bug in itself, because it destroys
important information (who sent the message, even if they are a non-
subscriber).
+1.
Rewriting the "From:" header trains users to only look at the user friendly
name, and to overlook the rewritten address. The potential for phishing is
interesting.
Christian,
I don't like the re-writing either, mostly because it causes email
software to think that one person is (at least) two, when doing sorting
and searching, and therefore causes it to have some new semantic failure
scenarios.
But your premise that users get trained by any of this mostly goes
against research and experience: Users mostly don't notice nuance in
the information in the message header and mostly don't notice anything
reliably and mostly can't be trained.
And no, that's not a slam at users, it's a reality of human factors
design and the body of interactive computer use research.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net