bawolff 2 days ago

> Imagine trying to explain to a relative the lesson of this post: always be suspicious, even if the email is from a trusted domain and dkim/dmarc/spf all pass

Imagine explaining to a relative what dkim/dmarc/spf is!

These are all behind-the-scenes technologies that users should not be aware of.

Honestly this attack is not as scary as it sounds. The article is being misleading to sell their product.

> It does seem surprising the To: header isn’t one of the headers that is covered by the dkim signature.

I don't think that would really matter. How often do you read the To header? Keep in mind that in email the To header does not have to include the intended recipient.

fc417fc802 2 days ago | parent | next [-]

> How often do you read the To header. Keep in mind that in email the To header does not have to include the intended recipient.

Perhaps if the address at which you received the email does not match any which are covered by the DKIM signature then your client could warn you about the potential for foul play?
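A minimal version of the client-side check proposed above, as an added example that is not part of the thread: it reads the DKIM `h=` tag and flags messages whose To: header is not signed, or whose signed To/Cc list omits the address the message was actually delivered to. The messages are constructed, the signature values are placeholders, and no cryptographic verification is performed; a real client would run this only after DKIM verification succeeded.

```python
import email
from email import policy

# Constructed sample messages (not from the thread). bh= and b= are
# placeholders: this code only inspects which headers the h= tag lists.
MSG_TO_UNSIGNED = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;
 h=From:Subject:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER
From: alerts@example.com
To: victim@example.net
Subject: Account notice
Date: Mon, 01 Jan 2024 00:00:00 +0000
Message-ID: <1@example.com>

Hello.
"""

# Same message, but with To: included in the signed header list.
MSG_TO_SIGNED = MSG_TO_UNSIGNED.replace("h=From:", "h=From:To:")


def dkim_signed_headers(msg):
    """Return the lower-cased header names listed in the DKIM h= tag."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return set()
    tags = {}
    for part in str(sig).split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}


def recipient_check(raw, delivered_to):
    """Classify a message against the mailbox it was delivered to.

    Returns "unsigned-to" if To: is not covered by the signature,
    "recipient-mismatch" if the signed To/Cc headers omit delivered_to,
    and "ok" otherwise.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    signed = dkim_signed_headers(msg)
    if "to" not in signed:
        return "unsigned-to"
    recipients = set()
    for name in ("To", "Cc"):
        if name.lower() in signed:          # only trust signed headers
            for hdr in msg.get_all(name, []):
                recipients.update(a.addr_spec.lower() for a in hdr.addresses)
    if delivered_to.lower() not in recipients:
        return "recipient-mismatch"
    return "ok"
```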

bawolff a day ago | parent [-]

I don't think that would be a good idea. The false positive rate would be too high and I don't think forging the To header is useful enough to phishing to make it worth it.

2 days ago | parent | prev | next [-]
[deleted]
salawat a day ago | parent | prev [-]

> These are all behind-the-scenes technologies that users should not be aware of.

Every time I hear this statement, alarm bells ring in my head. We aren't immortal. None of us is omniscient, and unfortunately the bad actors we're trying to protect against obviously don't give two shits about getting their hands dirty. We can't just hide all implementation details from users, especially when today's users may of necessity become tomorrow's admins.