[Cryptography] Well Known Bad Idea: ask users to make security decisions, or If you *work* for Apple, please update your email software

Jon Callas jon at callas.org
Tue Oct 7 19:16:27 EDT 2025


> On Oct 7, 2025, at 08:11, Henry Baker <hbaker1 at pipeline.com> wrote:
> I keep getting emails from banks telling me to double check the sender of
> any emails to make sure that they aren't spoofed (although they don't use
> that technical term!).
> 
> But Apple makes it very difficult to do exactly that, so perhaps these banks
> should put the pressure on Apple instead of bothering their customers.
> 
> As I keep saying, Apple is missing in action in the fight against fraudsters
> and spammers.
> 
> Some more cynical than I might think that Apple, as a purveyor of a walled
> garden, has an incentive to scare the pants off its customers in order to
> keep them locked inside their walled garden -- even to the extent of making
> their communications with those outside this garden vulnerable to 5th
> graders.

I'm really not sure what to say, Henry.

As we've all noted, none of us really like the present situation, and yet there's not just one single actor. On iOS, it's slightly inconvenient to see a sender, but it's there. I do my serious email things on my laptop because there's an explicit setting to always show the full email address, and I too just like it like that. 

There's a similar situation on Android, and please don't get me started about Outlook, which makes it nigh impossible to do anything but top-post with rich text. And they really don't like me deleting spam messages. This is dangerous, don't read it! Are you sure you want to delete it, 'cause deleting it is irrevocable!

Nonetheless, on iOS, you *can* see the sender by tapping the highlighted sender. They've also implemented the latest go-around on authenticated logos. I've attached a screenshot, where you can see an Amazon message both with the authenticated logo and the pop-up that tells me it's <store-news at amazon.com>. If you're asking for a setting to make it so that the default is the full email address, we're all with you.

At the same time, we know that pushing the decision to the user doesn't work. We've totally given up on green bar TLS certs for that reason and it's basically a good thing. (Moreover, the present thinking is that there's no UI information on something secure, the extra UI is for things that are insecure in some way.) It's even worse when, as John Levine noted, a trusted sender (like BoA) is using a skank-looking sender like <CARDSERVICE at APPLYONLINENOW.COM>.

What actionable thing would you like?

	Jon

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 82AE6127-ECC7-439B-83EE-1D73CEF72750_1_201_a.jpeg
Type: image/jpeg
Size: 50184 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20251007/4f3d225c/attachment.jpeg>

