> On Dec 27, 2016, at 2:47 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote: > > > End-users are essentially irrelevant to the formalized detection and handling of phishing. That's good news. There's no need to worry about what the From: field says at all, all that matters is automated detection of scams. Since phishers don't send messages with "Sender" such a change would have no immediate negative consequences. Real lists can DKIM sign their outbound messages and get a decent reputation, while unsigned or forged "Sender" headers can aggressively filtered. The user can continue to see the bare "From:" header, or "on behalf of" ala Outlook as deemed most appropriate by the MUA designer and user preference. -- Viktor.