On 22 Oct 2020, at 17:17, Wietse Venema <wie...@porcupine.org> wrote:
>
> Demi M. Obenour:
>> That's because MUAs display the From: header, not the envelope address.
>> DMARC is aimed at preventing spoofing. If someone sends a message
>> that claims to be from me, but is not, that could damage my reputation
>> or worse. If GMail had p=reject, such a message would be dropped
>> as a forgery. If a relative of mine gets a message that claims to
>> be from me, but is actually from <demiobenour@notgmail.invalid>,
>> they at least have a chance of knowing the message is bogus.
>
> Enough already. Here's a From: header
>
>     From: Firstname Lastname <some...@example.com>
>           display name       email address
>
> Many mail user agents, especially the GUI based ones, display the
> "Firstname Lastname" part, not the sender address. To see the address
> one has to take additional steps which many people won't take.
>
> What does this mean for ordinary users? There is a sender address
> that they never see, that is "secured" with DMARC and so on, but
> it could be total garbage because the user won't see it.
>
> What they do see is the completely unprotected "Firstname Lastname"
> part. Oh, and maybe an indicator that the email is secure.

It's worth pointing out, again, that this means that a From header in a DMARC message like:

    From: al...@paypal.com <spam...@scum.example.com>

Will be shown to the user as being a secured message from "alert@#PayPal.com"

-- 
'You're your own worst enemy, Rincewind,' said the sword. Rincewind
looked up at the grinning men. 'Bet?' --Colour of Magic
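
Added example, not part of the original thread: a receiving-side check for the case in the reply above, where the display name is itself an address whose domain differs from the real sender address that DMARC evaluated. The function names, the simplified single-mailbox parsing, the subdomain allowance and the sample headers are all assumptions constructed for illustration.

```python
import re
from email.header import decode_header, make_header

# Simplified single-mailbox parse: the last <...> is the real address and
# everything before it is the display name (not a full RFC 5322 parser).
ANGLE = re.compile(r'^(?P<display>.*)<(?P<addr>[^<>\s]+@[^<>\s]+)>\s*$', re.S)
# Anything in the display name that looks like user@domain.tld.
ADDR_LIKE = re.compile(r'[\w.+-]+@([\w-]+(?:\.[\w-]+)+)')

def split_from(value):
    """Return (display_name, addr_spec) for one From: header value."""
    m = ANGLE.match(value.strip())
    if not m:
        return '', value.strip().lower()  # bare address, no display name
    display = m.group('display').strip().strip('"').strip()
    try:
        # Decode RFC 2047 encoded-words so an encoded "@" cannot hide the claim.
        display = str(make_header(decode_header(display)))
    except Exception:
        pass  # malformed encoded-word: keep the raw text
    return display, m.group('addr').lower()

def display_name_mismatch(value):
    """Return the domain claimed in the display name when it is neither the
    real sender domain nor a parent of it; otherwise return None."""
    display, addr = split_from(value)
    real = addr.rsplit('@', 1)[-1]
    for m in ADDR_LIKE.finditer(display):
        claimed = m.group(1).lower()
        if claimed != real and not real.endswith('.' + claimed):
            return claimed
    return None

# Constructed sample headers (placeholder domains, not taken from the thread).
SAMPLES = [
    'billing@bank.example <mailer@unrelated.example>',
    '=?utf-8?q?billing=40bank.example?= <mailer@unrelated.example>',
    '"Firstname Lastname" <someone@bank.example>',
    'billing@bank.example <billing@mail.bank.example>',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(f'{sample!r:70} -> {display_name_mismatch(sample)}')
```

This only catches display names that contain an address; a plain "Firstname Lastname" display name carries no domain to compare and passes through unflagged.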