> On 11 Oct 2025, at 02:02, Michael Orlitzky <[email protected]> wrote:
>
> On 2025-10-10 14:27:51, Laura Atkins via mailop wrote:
>>
>>> On 10 Oct 2025, at 14:06, Michael Orlitzky via mailop <[email protected]>
>>> wrote:
>>>
>>> Going one step further: display only verified email addresses. If the
>>> email address itself is forged, preferring it over the friendly name
>>> isn't much of an improvement. With DKIM this is straightforward, but
>>> if we are going to allow SPF to pass DMARC, then we need to display
>>> the email address that was verified by SPF and not the one in the
>>> "From" header. (Though most of DMARC becomes moot if you have the
>>> courage to display unverified addresses as From: Unverified.)
>>
>> Who is going to verify the addresses? Did it ever occur to you that some
>> folks don’t want major tech companies not to have any more information about
>> us? That collecting “verified” addresses makes the organization doing the
>> verification an even bigger target for hackers.
>> https://www.bbc.com/news/articles/c8jmzd972leo
>>
>> Let’s stop insisting people hand over data that can be used against them to
>> organizations that have proven they are unable to protect personal info for
>> shit.
>>
>
> None of the technologies I mentioned involve a third party. Senders
> verify their own addresses by putting magic beans in the DNS; this
> part is not even hypothetical.
>
> The only change I proposed is for MUAs to tell the truth: if there's
> no way to verify the sender, the message is "From" whatever some dude
> typed in a box, and presenting that string to the recipient as if it
> has meaning is dangerous. This is not a serious proposal, but I do
> believe that the issue boils down to a simple choice:
>
> 1. Stop lying to the user
> 2. Accept forgery/phishing as inevitable
>
> "No Way To Prevent This," says only medium that confidently presents
> unsanitized attacker-supplied misinformation directly to the victim.

So… BIMI.

laura

--
The Delivery Expert

Laura Atkins
Word to the Wise
[email protected]

Delivery hints and commentary: http://www.wordtothewise.com/blog

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
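
The display rule discussed in the quoted thread (show the From address only when an aligned DKIM signature passed, show the SPF-verified envelope sender when only SPF passed, otherwise show "Unverified"), sketched as an added example that is not part of the thread or any participant's code. It assumes the receiving MTA stamps `Authentication-Results` with the hypothetical authserv-id `mx.example.net`, uses exact-match domain alignment instead of DMARC's organizational-domain rules, and parses the header in a simplified way; all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def parse_auth_results(value):
    """Simplified parser: returns [(method, result, {property: value}), ...]."""
    value = re.sub(r"\([^()]*\)", "", value)       # drop parenthesised comments
    results = []
    for clause in value.split(";")[1:]:            # element 0 is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return results

def display_sender(raw_message, trusted_authserv):
    """Return the address a client may show as the sender, or 'Unverified'."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    spf_identity = None
    for header in msg.get_all("Authentication-Results", []):
        # Only believe results stamped by our own border MTA; a sender can
        # insert any Authentication-Results header it likes.
        if header.split(";")[0].strip().lower() != trusted_authserv:
            continue
        for method, result, props in parse_auth_results(header):
            if result != "pass":
                continue
            # DKIM pass with d= equal to the From domain: From itself is verified.
            if method == "dkim" and from_domain and props.get("header.d", "").lower() == from_domain:
                return from_addr
            # SPF pass verifies the envelope sender, not the From header.
            if method == "spf" and "@" in props.get("smtp.mailfrom", ""):
                spf_identity = props["smtp.mailfrom"]
    return spf_identity or "Unverified"

def sample(auth_results):
    """Constructed test message; From is always security@bank.example."""
    return (f"Authentication-Results: {auth_results}\n"
            'From: "Your Bank" <security@bank.example>\nSubject: hi\n\nbody\n')

TRUSTED = "mx.example.net"  # assumed authserv-id of the receiving MTA
DKIM_ALIGNED = sample("mx.example.net; dkim=pass header.d=bank.example; spf=pass smtp.mailfrom=bounce@mailer.example.org")
SPF_ONLY = sample("mx.example.net; dkim=none; spf=pass (sender ok) smtp.mailfrom=bounce@mailer.example.org")
INJECTED = sample("attacker.example; dkim=pass header.d=bank.example")
```
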
