>But unfortunately, once the UI recognizes this case, would we not be
>imposing harm vis-a-vis phishing in particular? And then DMARC Mark
>II (as it were) would have to prohibit the wrapping and require a wrap
>of a wrap, etc.

DMARC is only useful because many crooks are remarkably lazy or stupid. I've seen numbers showing that it blocks vast amounts of spam with From: addresses like <security@xxxxxxxxxx>, which means that a lot of crooks just use the exact address they're attacking. But it's not effective against stuff like this, which they also use:

  From: <security@xxxxxxxxxx>
  From: security at paypal.com <boris@xxxxxx>

For that second one, remember that a lot of MUAs only show the comment on the From: line, not the address.

While I believe that it does block considerable phish now, I also believe it's a lot of long term pain for only short term benefits. I also agree that if we invent ways to circumvent DMARC issues, the bad guys will quickly adapt unless those ways have a different, ideally better, threat model.

See the appsawg archives and the new dmarc list for further discussion on this point.

R's,
John
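An added example, not part of the original message: a receiver-side heuristic for the second kind of From: line above, where the display text names a domain that the actual address does not belong to. The sample headers are constructed, the function names are hypothetical, and the subdomain comparison is a simplification that does not consult the Public Suffix List.

```python
import re
from email.utils import parseaddr

# Domain-looking tokens such as "bank.example" inside the display text.
DOMAIN_RE = re.compile(
    r"(?<![a-z0-9-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![a-z0-9-])", re.I
)


def aligned(claimed, actual):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    claimed, actual = claimed.lower(), actual.lower()
    return (
        claimed == actual
        or actual.endswith("." + claimed)
        or claimed.endswith("." + actual)
    )


def display_name_mismatch(from_header):
    """Return domains named in the display text that do not match the
    domain of the real address. An empty list means nothing suspicious."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return []  # unparseable or empty address: nothing to compare against
    actual = addr.rsplit("@", 1)[1]
    return [d.lower() for d in DOMAIN_RE.findall(display)
            if not aligned(d, actual)]


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "<security@bank.example>",
    "Bank Security <security@bank.example>",
    "bank.example alerts <noreply@mail.bank.example>",
    "security at bank.example <boris@mail.example>",
    '"security@bank.example" <boris@mail.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        hits = display_name_mismatch(header)
        verdict = "FLAG " + ",".join(hits) if hits else "ok"
        print(f"{verdict:20} From: {header}")
```

A message flagged this way can still pass DMARC, because DMARC evaluates only the domain of the actual address and never the display text.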