On Tue, Jul 15, 2014 at 09:06:55AM +0100, t.p. wrote:

> > MUAs should expose message origin when different from author.
>
> Viktor,
>
> A fine idea, but, as a pragmatic engineer, I know that changes to an MUA
> will take five, maybe ten, years to achieve widespread deployment,
> whereas changes to MTA could happen in a matter of weeks, if needs must.

We could have started 5 years ago. Better late than never. The
problem being tackled has no instant gratification solutions.
Pretending the problem is simpler than it is has a way of coming
back to bite you.

I've always held that no amount of sender origin authentication
will save the clueless from themselves, any real protection is at
the gateway, and the gateway sees all the headers. In the meantime
"citibank.com.dukhovni.org" will look plausible enough to the
helpless and will not be foiled by DMARC.

The expedient approach has not worked, it should have been done
right long ago, and should still be done right in the present.

--
Viktor.