In email the From: address rarely delivers the mail. From: and To: are the ones that you see in your mail client and correspond to the addresses on the letter within.
For example here are some headers from some spam I received:
From: is what I see in my client and Reply-To: is where a reply would go to.
This one is much better, note how I'm BCC'd and To: is complete bollocks:
Reply-To: dr.ahmed.faruk@outlook.com
From: Dr Faruk Ahmed <dr.faruk.ahmed1@gmail.com>
Subject: MANAGER AUDIT AND ACCOUNT DEPT
To: undisclosed-recipients:;
BCC: <gerdesj@blueloop.net>
Return-Path: dr.faruk.ahmed1@gmail.com
Given that Reply-To and Return-Path are in different domains, where would a reply go to?
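Added example, not part of the original comment: a small Python check run over the headers quoted above. It applies the standard rules (a reply goes to Reply-To when present, otherwise From, per RFC 5322; Return-Path records the SMTP envelope sender, which receives bounces) and flags the mismatches a mail filter or analyst would look at. The function name and finding labels are assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers as quoted in the comment above; nothing is fetched from the network.
RAW = """\
Reply-To: dr.ahmed.faruk@outlook.com
From: Dr Faruk Ahmed <dr.faruk.ahmed1@gmail.com>
Subject: MANAGER AUDIT AND ACCOUNT DEPT
To: undisclosed-recipients:;
BCC: <gerdesj@blueloop.net>
Return-Path: dr.faruk.ahmed1@gmail.com

"""

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def analyse(raw):
    """Hypothetical helper: say where replies and bounces go, and list red flags."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    # An empty group such as "undisclosed-recipients:;" yields no real address.
    visible = [a for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if a]

    findings = []
    if reply_to and domain(reply_to) != domain(from_addr):
        findings.append("reply-to-domain-differs-from-from")
    if return_path and domain(return_path) != domain(from_addr):
        findings.append("return-path-domain-differs-from-from")
    if not visible:
        findings.append("no-visible-recipients")

    return {
        "reply_goes_to": reply_to or from_addr,  # Reply-To overrides From
        "bounce_goes_to": return_path,           # envelope sender, not shown to users
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

None of these headers authenticate the sender on their own; the findings are triage signals to weigh alongside SPF, DKIM and DMARC results.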
What about an out of band verification by the carriers?
Basically a large registry. When I call someone I tell T-Mobile who I'm calling, and they register it. Then on the receiving end Verizon checks with T-Mobile or a central registry, and says yep James's number is calling this number. Then it marks it as a verified call.
iOS/Android could do something like this. You register your number with Apple/Google and link your account with them. When you call someone you set a field on your account that you're calling someone. When the person who you're dialing gets rung, their dialer can look up Apple/Google and see if that number was indeed calling them, and add a "verified" checkmark to the call.
This leads down a privacy/metadata rabbit hole, but there are probably ways to make this a lot better. In any case, the phone OS can do some out-of-band signaling and just avoid dealing with the carriers altogether.
Although if you're doing all that then why not just make a call using VoIP...