Carl Hutzler wrote:
And to be fair, Outlook does show both when you OPEN THE
EMAIL and read it. But in the list view, they only show
the display name (like most clients). I would be concerned
that most readers would see "service(_at_)citibank(_dot_)com" in the
list view (phishers would use that as their display name)
and by the time they open it "all concerned about their
account" they might miss the detailed view of the 822FROM
address which Outlook does display at that time.
I was about to make the same point, absolutely. If the mark can't tell
from the list view that the email is phishing and actually opens the
email, then the mark's mindset is already driven towards solving the
"your account will be closed" problem. If the mark smells phish, the
mark will right-click or do whatever is necessary to see the 822FROM.
For example, you can have the CLIENT software only
display the display name if the receiving client has
the sender in their address book.
I agree, but there are a few things that don't meet the eye right away
WRT this; explaining this will likely require screenshots, stay tuned.
Graham Murray wrote:
The main problem I see with Outlook is that it was
designed for use in an internal corporate email system
Not really. It comes with Office, I know tons of people who don't have
an Exchange server and use Outlook as their POP3 client.
Michel.