When designing a internal CRM we incorporated a few extra features such always displaying link addresses (mailto and url), which works so well at making the majority of phfishing emails so obvious I just cringe every time I use IOS Mail.<p>Which got me to wondering if IOS Mail's refusal to add a setting to display the sender's email address right in the inbox might actually be a leading cause of successful phfishing attacks... If you can see right in your inbox that "xyz.abc@def.jp" is claiming to be "Rackspace Support" and was the sender of "Important notice regarding your Rackspace account" there is NO need to open or interact with the obviously fake email... wipe left and be done with it.<p>But Apple (and other clients) continues to not only hide that important info by default, but does not provide an option to display it in the inbox. (Even Apple's Mac Mail client development team has made some ill-informed decisions in this regard.)<p>Of course, an IOS user CAN see the sender's email... after they OPEN the email, TAP the sender name, then TAP it again. For every message. Explain THAT to your grandparents.<p>I suspect the extra steps mean it only gets used by more sophisticated users who sniff something pfishy about the email itself. Not the people who need it most.<p>It seems to me that any responsible email client provider ought to recognize the importance of the sending email address as a first line of defense against the simpler attacks such as the example above.<p>IMO a 2nd line of defense email clients ought to add is link-expanders too. For example in our system if the link label includes "homedepot.com" but the actual url is not a homedepot.com url we expand it to look something like "NOTICE: see more at www.homedepot.com LINKS TO xyz.abc@def.jp" right in the email and remove the active link.<p>Link expansion makes pretty marketing emails look not-so-pretty.<p>It also makes the most common bad-guy emails we see stick out like a sore thumb.