Currently the MUA displays the FROM address to the end user as being
the
originator of the email. Once the SUBMITTER extension is in use then
the
MUA can do one of two things to stop phishing:-
1. Instead of displaying the FROM address as the originator it can
display the SUBMITTER address.
Or
2. Dump messages where FROM <> SUBMITTER.
I would pefer that the MUA say
From SUBMITTER on behalf of FROM
And it should reply to FROM unless there is a "Reply-To:" Header.
dave.
TP> That's nice but SUBMITTER = FROM unless the content is malformed.
TP> And SUBMITTER is verified by the MTA using SPF records.
TP> So the reply should go to SUBMITTER as its verified as being the
TP> real sender. And if the real sender is sending malformed email
TP> then they should get any replies in any case.