>Of course people will suggest that we validate the personal name information. Because at the end of the >day, spoofing is trying to make me believe that the message comes from "my friend Viktor" when in fact it >does not. We may have perfect SPF, DKIM, DMARC and what have you, and still get spoofed messages "From: >Viktor Dukhovni <viktor@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>." You know, that's what S/MIME with signed certificates is supposed to do. It's widely supported in MUAs and, well, meh. R's, John