Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]

[Alex Buie via NANOG <nanog () lists nanog org>]

On Thu, Jul 3, 2025 at 8:12 PM Michael Thomas via NANOG <
nanog () lists nanog org> wrote:

> .
> > > So by all means, let's get rid of TLS as well. ::eyeroll::
> > >
> > > Mike
> > I'm not saying to get rid of any of these things. I'm just saying
> expecting
> > them to replace user training in critical thinking is foolish, and
> overall,
> > the point Rich made makes sense. If you tell people "as long as you check
> > these things you can trust it" they are way more likely to believe
> > something unbelievable if it has all those "you can trust me" flags.
>
> Good thing nobody thought that it's a substitute. Making incremental
> improvements don't have to be viewed as, uh, cure-alls. That would be,
> uh, foolish.
>
> Mike
>
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/4FPNUYKZPDZELNK3XY5KWBH6HY7X4RK5/




I agree with you they are not a substitute and that is foolish. There are
many who come to say they have the one and final true solution to spam and
email auth though. My argument is anything purporting to do so is
attempting to critically think for the user.

While the incremental improvement to auth is good, one could argue the user
experience implementing is not, as I think Rich is saying, and I agree. We
are training people to only check for and believe the machine signal which
can sometimes be “truthfully false” as in the case of email credential
compromise and trademark impersonation.

> <https://lists.nanog.org/archives/list/nanog () lists nanog org/message/4FPNUYKZPDZELNK3XY5KWBH6HY7X4RK5/>
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/KSISCRR4IUQRXGGNQFAVBALO2HAS4VVS/