Oh, and one more thing... Even if there were a magic bullet to absolutely detect forged From: addresses and forged envelope senders... it would not help with phishing attacks and spoofing. That's because every email reader I've ever used shows neither the From: address nor the envelope sender by default. They all default to showing the full name on the From: line, which naturally is impossible to protect or verify. On the DMARC list quite a while ago, I was agitating for a recommendation that mail readers SHOULD show the domain part of the from header, just like Slashot displays the domain associated with a link. So if the From: header looked like this:
From: "Dianne Skoll <d...@roaringpenguin.com>" <unrela...@spammer.org> I would love for mail readers to display this in the sender column: Dianne Skoll <d...@roaringpenguin.com> [spammer.org] However, the DMARC people said UI design was not in DMARC's scope. Meh. Regards, Dianne. (And I'm not even convinced that would offer much protection... end-users are wonderful at ignoring red flags.)
