On 10/22/2015 8:07 PM, Christian Huitema wrote:
> On Thursday, October 22, 2015 12:41 PM, Brian E Carpenter wrote:
>>
>> On 23/10/2015 02:57, Russ Housley wrote:
>>> ...
>>> It seems to me that DMARC re-writing is a more important feature for this
>>> community. I think we should drop support for the password messages and
>>> move to a newer version. I'd like the tools team to check this out, and then
>>> if the newer version will not introduce other surprises, move to the newer
>>> version.
>>
>> The primitive rewriting of the From is a bug in itself, because it destroys
>> important information (who sent the message, even if they are a
>> non-subscriber).
>
> +1.
>
> Rewriting the "From:" header trains users to only look at the user friendly name, and to overlook the rewritten address. The potential for phishing is interesting.

Christian,

I don't like the re-writing either, mostly because it causes email software to think that one person is (at least) two, when doing sorting and searching, and therefore causes it to have some new semantic failure scenarios.

But your premise that users get trained by any of this mostly goes against research and experience: Users mostly don't notice nuance in the information in the message header and mostly don't notice anything reliably and mostly can't be trained.

And no, that's not a slam at users, it's a reality of human factors design and the body of interactive computer use research.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net