On Tuesday, July 15, 2014 15:44:18 John Levine wrote:
Some MUAs already expose "Sender != From" by displaying
"From <sender> on behalf of <author>". This needs to become standard
MUA behaviour.
Perhaps not. This is the "punt security policy to Grandma" model. A
more extreme version is the proposal to show signed and unsigned parts
of messages in different colors.
It would have been nice if users and MUAs had done this all along and
there were widely understood conventions (as opposed to well
documented but not well understood) conventions for using Sender:
headers. But there aren't. The most popular MUA that shows the
sender is Outlook, and people I know just find it confusing.
You and I probably have the background to make useful decisions from
various combinations of sender and author. But I don't see any reason
to believe that non-technical users (in my case, Grandma is my wife's
74 year old mother) do.
That's possibly true, but given the goal of the working group, it may turn out
to be the best we can do. In my limited IETF experience, I've seen several
variants of "we aren't U/I experts, so we should stay away from it". That may
be true, but we may not get out of this one without having to give some strong
guidance.
For the large fraction of email users today that are doing it via webmail
where the service provider controls the MUA experience directly, the timeline
for improvement can be relatively short compared to traditional software
deployment cycles.
Scott K