>>> From: Foo list [Jane Smith] <f...@list.org> >>> CC: Jane Smith <j...@smith.org> > >> Given that most MUAs these days don't show the e-mail address at all, >> it's hard to see why that would be better. > >I'm not sure that's true. MUA's suppress the email address in the From: header >if it's in your >contacts list or safe senders list. If it isn't, they show the entire thing. > >Not all MUA's are like this but a lot of them are.
I haven't seen any recent numbers for MUA popularity, but the one that comes with Android phones must be one of the most popular these days, and it only shows the From: comment unless you select the message and hit "View Details". Web gmail shows only the comment in the mailbox index, shows both if you open the message but by then it's arguably too late. We've certainly been through this before, and there's plenty of examples of people getting phished from addresses that have no resemblance at all to the entity they're impersonating, e.g. From: Microsoft Security <bo...@rbn.ru> DMARC does an OK job when crooks use the exact domain name, which they stilll do a lot, but we still don't have a clue about what to do when they don't, other than trying to filter it because it looks evil, not because it sorta kinda looks like a domain name in someone else's DMARC record. R's, John _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
