For senders that are in the user's address books (including Collected Addresses), show only the full name, as set in the address book. For unknown senders, show the email address. What's most important is the second-level domain of the email address, because that's the security anchor. There is a very important security reason for this: Phishing is one of the biggest security threats today. Phishing is based entirely on the reader (our user) being confused about the origin/sender of the email. If anything, the sender domain needs to be more prominent than it is now, not less. Many of the most famous and disastrous hacks have started with email phishing: the hack of the Bundestag, the German parliament, which effectively destroyed their entire IT infrastructure, after having been spied upon. IIRC even the most recent hack of Microsoft, where hackers could read US government emails, started with hacking one Microsoft employee, IIRC by email phishing, and then elevated from there. Email phishing is one of the biggest security threats that companies face today. And they are all based on this simple confusion of who sent the message. All email clients should rather make the second-level domain of the sender much stronger than the real name, because that's the only bit of information that cannot be forged (if DKIM/SPF is in place). Thanks for asking, Alex. Maybe the idea to make the second-level domain more prominent might allow you to hide the other email address parts and might make it look nicer and more secure.
Bug 243258 Comment 94 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
For senders that are in the user's address books (including Collected Addresses), show only the full name, as set in the address book. For unknown senders, show the email address. What's most important is the second-level domain of the email address, because that's the security anchor. There is a very important security reason for this: Phishing is one of the biggest security threats today. Phishing is based entirely on the reader (our user) being confused about the origin/sender of the email. If anything, the sender domain needs to be more prominent than it is now, not less. Many of the most famous and disastrous hacks have started with email phishing: the hack of the Bundestag, the German parliament, which effectively destroyed their entire IT infrastructure, after having been spied upon. IIRC even the most recent hack of Microsoft, where hackers could read US government emails, started with hacking one Microsoft employee, IIRC by email phishing, and then elevated from there. Email phishing is one of the biggest security threats that companies face today. And they are all based on this simple confusion of who sent the message. All email clients should rather make the second-level domain of the sender much stronger than the real name, because that's the only bit of information that cannot be forged (if DKIM/SPF is in place). Thanks for asking, Alex. Maybe the idea to make the second-level domain more prominent might allow you to hide the other email address parts and might make it look nicer and more secure.
For senders that are in the user's address books (including Collected Addresses), show only the full name, as set in the address book. For unknown senders, show the email address. What's most important is the second-level *domain* of the email address, because that's the security anchor. There is a very important security reason for this: *Phishing* is one of the biggest *security threats* today. Phishing is based entirely on the reader (our user) being confused about the origin/sender of the email. If anything, the sender domain needs to be more prominent than it is now, not less. Many of the most famous and disastrous hacks have started with email phishing: the hack of the Bundestag, the German parliament, which effectively destroyed their entire IT infrastructure, after having been spied upon. IIRC even the most recent hack of Microsoft, where hackers could read US government emails, started with hacking one Microsoft employee, IIRC by email phishing, and then elevated from there. Email phishing is one of the biggest security threats that companies face today. And they are all based on this simple confusion of who sent the message. All email clients should rather make the second-level domain of the sender much stronger than the real name, because that's the only bit of information that cannot be forged (if DKIM/SPF is in place). Maybe the idea to make the second-level domain more prominent might allow hiding the other email address parts and might make it look nicer and more secure.
For senders that are in the user's address books (including Collected Addresses), show only the full name, as set in the address book. For unknown senders, show the email address. What's most important is the second-level **domain** of the email address, because that's the security anchor. There is a very important security reason for this: **Phishing** is one of the biggest **security threats** today. Phishing is based entirely on the reader (our user) being confused about the origin/sender of the email. If anything, the sender domain needs to be more prominent than it is now, not less. Many of the most famous and disastrous hacks have started with email phishing: the hack of the Bundestag, the German parliament, which effectively destroyed their entire IT infrastructure, after having been spied upon. IIRC even the most recent hack of Microsoft, where hackers could read US government emails, started with hacking one Microsoft employee, IIRC by email phishing, and then elevated from there. Email phishing is one of the biggest security threats that companies face today. And they are all based on this simple confusion of who sent the message. All email clients should rather make the second-level domain of the sender much *stronger* than the real name, because that's the only bit of information that cannot be forged (if DKIM/SPF is in place). Maybe the idea to make the second-level domain more prominent might allow hiding the other email address parts and might make it look nicer and more secure.
For senders that are in the user's address books (including Collected Addresses), show only the full name, as set in the address book. For unknown senders, show the email address. What's most important is the second-level **domain** of the email address, because that's the security anchor. There is a very important security reason for this: **Phishing** is one of the biggest **security threats** today. Phishing is based entirely on the reader (our user) being confused about the origin/sender of the email. If anything, the sender domain needs to be more prominent than it is now, not less. Many of the most famous and disastrous hacks have started with email phishing: the hack of the Bundestag, the German parliament, which effectively destroyed their entire IT infrastructure, after having been spied upon. IIRC even the most recent hack of Microsoft, where hackers could read US government emails, started with hacking one Microsoft employee, IIRC by email phishing, and then elevated from there. Email phishing is one of the biggest security threats that companies face today. And they are all based on this simple confusion of who sent the message. All email clients should rather make the second-level domain of the sender much *stronger* than the real name, because the domain is the only bit of information that cannot be forged (if DKIM/SPF is in place). Maybe the idea to make the second-level domain more prominent might allow hiding the other email address parts and might make it look nicer and more secure.
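The following is a worked example added to this page; it is not Thunderbird code and not part of the comment above. It renders a sender line the way the comment proposes (full name only for address-book senders, the address with its second-level domain singled out for emphasis for unknown senders) and adds the one check that makes that domain trustworthy: an Authentication-Results DKIM or SPF pass whose domain aligns with the From: organizational domain, which is the alignment rule DMARC defines. The function names, the small stand-in for the Public Suffix List, the address book and the sample headers are all assumptions constructed for this example.

```javascript
// Added example, not Thunderbird's own code. All names, the suffix list and
// the sample headers are constructed for illustration.

// Assumption: a tiny stand-in for the Public Suffix List, only enough for the
// samples below. A real client would consult the full list.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "com.au", "co.jp"]);

// Parse a From: value into { name, address }. Accepts
// "Name" <user@host>, Name <user@host> and a bare user@host.
function parseFromHeader(value) {
  const m = /^\s*(?:"([^"]*)"|([^<]*?))\s*<([^>]+)>\s*$/.exec(value);
  if (!m) return { name: "", address: value.trim().toLowerCase() };
  const name = (m[1] !== undefined ? m[1] : m[2]).trim();
  return { name, address: m[3].trim().toLowerCase() };
}

// Domain part of an address, lowercased ("" when there is no "@").
function domainOf(address) {
  const at = address.lastIndexOf("@");
  return at === -1 ? "" : address.slice(at + 1).toLowerCase();
}

// Organizational (second-level) domain: one label more than the public suffix,
// e.g. "mail.example.co.uk" -> "example.co.uk", "paypal.com.evil-example.net" -> "evil-example.net".
function organizationalDomain(domain) {
  const labels = domain.toLowerCase().split(".").filter(Boolean);
  if (labels.length < 2) return labels.join(".");
  const suffixLen = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 2 : 1;
  return labels.slice(-(suffixLen + 1)).join(".");
}

// Parse an Authentication-Results value (RFC 8601) into [{ method, result, props }],
// e.g. props["header.d"] for DKIM and props["smtp.mailfrom"] for SPF.
// The first ";"-separated part is the authserv-id and carries no result.
function parseAuthResults(value) {
  const results = [];
  for (const part of value.split(";").slice(1)) {
    const m = /^\s*([a-z0-9-]+)\s*=\s*([a-z]+)\s*(.*)$/i.exec(part);
    if (!m) continue;
    const props = {};
    for (const p of m[3].matchAll(/([a-z]+\.[a-z]+)\s*=\s*([^\s()]+)/gi)) {
      props[p[1].toLowerCase()] = p[2].toLowerCase();
    }
    results.push({ method: m[1].toLowerCase(), result: m[2].toLowerCase(), props });
  }
  return results;
}

// True when the From: organizational domain is backed by an aligned DKIM or SPF
// pass. A pass for some other domain (the attacker signing a lookalike From:
// with their own key) does not count.
function fromDomainAuthenticated(fromAddress, authResultsValue) {
  const fromOrg = organizationalDomain(domainOf(fromAddress));
  if (!fromOrg) return false;
  for (const r of parseAuthResults(authResultsValue)) {
    if (r.result !== "pass") continue;
    let signer = "";
    if (r.method === "dkim") {
      signer = r.props["header.d"] || "";
    } else if (r.method === "spf") {
      const mf = r.props["smtp.mailfrom"] || "";
      signer = mf.includes("@") ? domainOf(mf) : mf;
    }
    if (signer && organizationalDomain(signer) === fromOrg) return true;
  }
  return false;
}

// The sender line as proposed: a known sender shows only the address book's
// full name; an unknown sender shows the address with the organizational domain
// singled out. `authenticated` is computed either way, because a From: that
// happens to match an address book entry is still forgeable without an aligned pass.
function senderDisplay(headers, addressBook) {
  const from = parseFromHeader(headers.from);
  const authenticated = fromDomainAuthenticated(from.address, headers.authenticationResults || "");
  const known = addressBook.get(from.address);
  if (known !== undefined) return { text: known, emphasized: "", authenticated, known: true };
  return { text: from.address, emphasized: organizationalDomain(domainOf(from.address)), authenticated, known: false };
}

// Constructed sample headers (not real traffic) and a constructed address book.
const SAMPLES = {
  lookalike: { // attacker's own domain, correctly signed: the emphasized domain is the real one
    from: "PayPal Service <service@paypal.com.evil-example.net>",
    authenticationResults: "mx.example.org; dkim=pass header.d=evil-example.net header.i=@evil-example.net; spf=pass smtp.mailfrom=bounce.evil-example.net",
  },
  spoofed: { // genuine-looking domain with no aligned pass: must not be trusted
    from: "\"Alice CEO\" <alice@example.com>",
    authenticationResults: "mx.example.org; spf=fail smtp.mailfrom=example.com; dkim=none",
  },
  known: { // in the address book, DKIM pass aligned on the organizational domain
    from: "Bob <bob@mail.example.co.uk>",
    authenticationResults: "mx.example.org; dkim=pass header.d=example.co.uk",
  },
};
const ADDRESS_BOOK = new Map([["bob@mail.example.co.uk", "Bob Builder"]]);

function demo() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) out[name] = senderDisplay(headers, ADDRESS_BOOK);
  return out;
}

console.log(demo());
```

Run it with node. The lookalike sample is the point of the comment: the message is fully DKIM-authenticated, but for evil-example.net, and that is the string the user has to see, not "PayPal Service". The spoofed sample shows the caveat that goes with "if DKIM/SPF is in place": the display logic alone cannot know whether the domain is real, so the aligned-pass result has to be carried into the UI as well.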