That is: users look at From lines and spammers and phishers try to
fake them. Anyone DISAGREE with that assertion?
Of course you're wrong.
Except in the most primitive MUAs (which are surely far more popular
with people here than with Internet users in general), what the user
sees isn't the From: line, it's something the MUA concocts using the
From:, Sender:, address book entries, and random other stuff.
If I am using a recent version of Thunderbird in a normal
configuration, what will I see if a message has this From: line?
From: security(_at_)paypal(_dot_)com <phish(_at_)rbn(_dot_)ru>
Sometimes the bad guys fake the From: line address, a lot of times
they don't even bother. It is ridiculous to assert that anything like
SSP would make a meaningful difference in the amount of phishy stuff
MUAs show their users.
PS: I can't wait for someone to say "well, then MUAs will all have to
change to show the real address".
NOTE WELL: This list operates according to