The email you are using is based on a technology developed 39 years ago: the SMTP protocol, published as RFC 788 in November 1981. RFC 788 is the design and theory; Sendmail is the software that implemented it, released in 1983. Today around 85% of emails are carried over the SMTP protocol.
Why mention history here? Because we recently met clients who had suffered email-based phishing attacks caused by design faults in SMTP. Fake emails were sent using their company's own email domain names. In another case, an email password was transmitted in plaintext. All of this happened because SMTP and Sendmail were never designed to deliver mission-critical, highly sensitive information across a hostile network. After all, the first-generation Internet of the 1980s was built for university researchers to share information.
Sender verification is absent.
SMTP systems neither check the sender email address nor enforce it. A sender address has two parts: a display name shown in the user interface, and the actual address the mail server uses for delivery. This is why your inbox can show John.White@example.com while the real sending address is firstname.lastname@example.org. A safer approach is to show the real sending address and ignore the display name.
SMTP also allows anyone to host a server named "citi.com". There is no mechanism to check whether the owner of an SMTP server is really the owner of that domain name. Scammers take advantage of these lax designs to impersonate well-known domains.
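As an added example (not code from the Hoplite Tech post), the following Python script parses the From header of a message the way a mail client should: it extracts the real addr-spec separately from the free-text display name, and flags the case described above, where the display name itself looks like an address at a different domain. The two messages it runs on are constructed samples, not real mail.

```python
"""Show the address a mail client should trust, not the display name.

Added illustration; the sample messages below are constructed.
"""
from email import message_from_string
from email.policy import default
import re

# Matches something that looks like an email address inside free text.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_from(raw_message: str) -> list[tuple[str, str]]:
    """Return (display_name, addr_spec) for every mailbox in the From header.

    The addr_spec is what mail servers route on; the display name is
    arbitrary text chosen by the sender (RFC 2047 encoding is decoded).
    """
    msg = message_from_string(raw_message, policy=default)
    header = msg["From"]
    if header is None:
        return []
    return [(a.display_name, a.addr_spec.lower()) for a in header.addresses]


def suspicious_display_name(raw_message: str) -> bool:
    """True when a display name contains an address whose domain differs
    from the domain of the real addr-spec, i.e. the inbox would show one
    address while mail is actually coming from another."""
    for name, addr in parse_from(raw_message):
        if "@" not in addr:
            continue
        real_domain = addr.rsplit("@", 1)[1]
        for shown in ADDR_IN_TEXT.findall(name):
            if shown.lower().rsplit("@", 1)[1] != real_domain:
                return True
    return False


# Constructed sample messages (headers only matter here).
SPOOFED = (
    'From: "John.White@example.com" <firstname.lastname@example.org>\n'
    "Subject: Invoice\n"
    "\n"
    "Please see attached.\n"
)
HONEST = "From: John White <john.white@example.com>\nSubject: Hi\n\nHello\n"

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("honest", HONEST)):
        print(label, parse_from(sample), "suspicious:", suspicious_display_name(sample))
```

A client that renders `addr_spec` rather than `display_name` removes the ambiguity entirely; the regex check is a fallback for filtering pipelines that still need to surface the display name.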
SPF, DKIM and BIMI cannot solve the phishing problem
We are solving a 2020 problem with 1983 technology. There is some patchwork, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). More recently there is Brand Indicators for Message Identification, or BIMI (pronounced "Bih-mee"), an emerging email specification that enables the use of brand-controlled logos. But given the wide spread of email phishing and data breaches, it is obvious that these patches do not fix the root cause.
Emails are still widely used for password resets, payment confirmations and even taxes! We have to be more adaptive to the ever-evolving world and learn how to use the email system smartly. Hoplite Tech is working on an email hygiene guide for non-tech users. If you would like a preview, please register HERE.
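To make concrete what SPF does and does not check, here is an added example (not code from the post, and not a complete RFC 7208 implementation): a small evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms run against constructed DNS TXT records. The domain names and records are invented for the example. It shows that SPF only answers "is this IP allowed to send for this envelope domain"; a lookalike domain that publishes its own SPF record passes just as cleanly, and nothing here looks at the From header the user actually sees.

```python
"""Minimal SPF (RFC 7208 subset) evaluator over constructed DNS data.

Added illustration. Supports ip4, ip6, include and all with the four
qualifiers; other mechanisms and modifiers produce permerror.
"""
import ipaddress

# Constructed TXT records; these domains and addresses are documentation
# ranges and placeholders, not real SPF policies.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "examp1e.com": "v=spf1 ip4:192.0.2.50 -all",   # lookalike with its own SPF
    "loop.example": "v=spf1 include:loop.example -all",  # pathological record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip: str, domain: str, dns=DNS_TXT, _depth: int = 0) -> str:
    """Evaluate `domain`'s SPF record for the connecting IP `ip`.

    Returns one of pass, fail, softfail, neutral, none, permerror.
    `domain` is the MAIL FROM (envelope) domain; SPF never consults the
    header From that a user sees in the inbox.
    """
    if _depth > 10:
        return "permerror"  # RFC 7208 caps DNS-querying mechanisms at 10
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif name == "include":
            inner = check_spf(ip, arg, dns, _depth + 1)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):
                return "permerror"  # RFC 7208 section 5.2
        else:
            return "permerror"  # mechanism not implemented in this example
    return "neutral"  # no mechanism matched and no explicit "all"


if __name__ == "__main__":
    for ip, dom in [("203.0.113.7", "example.com"), ("192.0.2.50", "example.com"),
                    ("192.0.2.50", "examp1e.com"), ("2001:db8::1", "example.com")]:
        print(f"{ip:>14} for {dom:<12} -> {check_spf(ip, dom)}")
```

The `examp1e.com` case is the practical limitation the post is pointing at: SPF authenticates a domain's sending infrastructure, not the domain's resemblance to the one a reader expects, so a receiver still needs alignment checks and user-facing display of the real address to catch impersonation.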
SPF: https://tools.ietf.org/html/rfc7208