In all such cases it is a balance between security and usability. Only some of the fixes are client side though.
A lot of what you describe would be effectively implemented by moving to a plain text mail client (mutt and emacs are still around decades later). --srs ________________________________ From: mailop <[email protected]> on behalf of Tim Bray via mailop <[email protected]> Sent: Friday, October 10, 2025 2:20:40 PM To: [email protected] <[email protected]> Subject: [mailop] Phishing prevention in email clients Hi, I've been wondering about how email clients could change to make phishing less effective. 1) Display the email address not the name in your email folders From: DVLA Services <[email protected]<mailto:[email protected]>> becomes From: [email protected]<mailto:[email protected]> So, on a normal day, you would get used to seeing emails from `[email protected]<mailto:[email protected]>` rather than `Tim Bray` 2) in html email, the a tag contents are replaced with the URL you will go to. so <a href='https://dvla.tax.scam.domain.example.org' style='button'> Vehicle tax</a> becomes https://scam.example.org/ And any images inside an <a></a> are removed I'm sure the scammers will move on, but it's just so easy to make something look convincing. Apple, Gmail, thunderbird, roundcube and outlook. Just pick a day and all change. I'm open to comments and feedback. I'm interested if I've missed an obvious other way hide stuff if you are scamming people. (and sorry for picking on DVLA, but my mailbox is fillling up with people faking being you this morning. DLVA is the uk authority where you register and pay the tax for your Car) -- Tim Bray Huddersfield, GB
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
