Re: SPF/DKIM/DMARC et.al.: REALLY LONG [was: is it just me or...]

[Michael Thomas via NANOG <nanog () lists nanog org>]

On 7/5/25 1:11 PM, John Levine via NANOG wrote:
> > Do you have any visibility into, say, MAAWG and why they don't take this
> > up as a standards effort?
> Honestly, they'd just laugh. It's not a new idea, and there is a great
> deal of experience that says asking users to make security decisions in
> the UI mostly adds confusion.

The research paper I pointed to disagrees. It's not a panacea, but it's 
helpful.

But yeah, dysfunction is the most likely answer rather than oversight. 
Email is full of that, so I'm not surprised.


> On the other hand, if you use Thunderbird, I don't think it'd be very
> hard to write a plugin that looks at the Authentication-Results:
> header and adds locks or skulls and crossbones to the message display.
> Try it, tell us how you like it.
>
> You can start with this one:
>
> https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/

Authentication-Results is not intended by itself to be a UI element, so 
that's not what I'm talking about. Any effort would require 
collaboration with security human factors experts for starters.

Mike

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WWALLPRXBVKFJG5ZKQCTRTD3QBJGDDXU/