On Dec 27, 2016, at 2:47 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
End-users are essentially irrelevant to the formalized detection and handling
of phishing.
That's good news. There's no need to worry about what the From: field says at
all,
all that matters is automated detection of scams.
Since phishers don't send messages with "Sender" such a change would have no
immediate
negative consequences. Real lists can DKIM sign their outbound messages and
get a
decent reputation, while unsigned or forged "Sender" headers can aggressively
filtered.
The user can continue to see the bare "From:" header, or "on behalf of" ala
Outlook as
deemed most appropriate by the MUA designer and user preference.
--
Viktor.