judge123 2 days ago
Okay, the technical breakdown is wild. But my first thought was: how on earth do I explain this risk to my non-technical boss or clients? If I say 'they can bypass DKIM with a replay attack,' their eyes will just glaze over. We need a simple, powerful way to communicate this stuff. Anyone have a good one-liner for this?
monospacegames 2 days ago
"Read the full email before freaking out" would probably be appropriate. This article is deceptive because it does not show the full email and only shows the phishing part. The full email is definitely in the format "scary text here" "actual google message", so something like "Give us all your money or die has been created as a google app", which would raise an eyebrow even in the most non-technical person.
oefrha 2 days ago
The one-liner is “emails you receive may be forwarded”. Article is really confusing and oversells the attack. See my other comment https://news.ycombinator.com/item?id=44680400.
nicman23 2 days ago
flag forwarded mails?