Demi M. Obenour:
> That's because MUAs display the From: header, not the envelope address.
> DMARC is aimed at preventing spoofing.  If someone sends a message
> that claims to be from me, but is not, that could damage my reputation
> or worse.  If GMail had p=reject, such a message would be dropped
> as a forgery.  If a relative of mine gets a message that claims to
> be from me, but is actually from <demiobenour@notgmail.invalid>,
> they at least have a chance of knowing the message is bogus.

Enough already. Here's a From: header

    From: Firstname Lastname <some...@example.com>
            display name         email address

Many mail user agents, especially the GUI based ones, display the
"Firstname Lastname" part, not the sender address. To see the address
one has to take additional steps which many people won't take.

What does this mean for ordinary users? There is a sender address
that they never see, that is "secured" with DMARC and so on, but
it could be total garbage because the user won't see it.

What they do see is the completely unprotected "Firstname Lastname"
part. Oh, and maybe an indicator that the email it is secure.

        Wietse

Reply via email to