On Fri, Oct 23, 2015 at 04:33:57AM -0400, Dave Crocker wrote:
But your premise that users get trained by any of this mostly goes
against research and experience: Users mostly don't notice nuance in
the information in the message header and mostly don't notice anything
reliably and mostly can't be trained.
+1. I don't always agree with Dave about everything, but this is one
case where I'll echo his thoughts, with amplification. "Attempting
to train users and/or use them as part of security/anti-abuse efforts"
is a known-failed approach, with precious few isolated and rare exceptions.
It would be nice if it were otherwise. It's not. It's never going to be.
So when evaluating various bits of technology like this, "can users be
trained?" is not a question that needs to be on table. We already know
the answer. We've known for decades.
---rsk