Thorrez 6 days ago

Yeah, it does make things more difficult in terms of teaching people a simple rule. Instead of "ends with @<company>.com", the rule is "ends with @<company>.com or .<company>".

OTOH, there were probably a lot of places already violating the "ends with @<company>.com" rule, e.g. by using subdomains, or even other domains. So very little of the online population was likely using the rule. And with email spoofing, even "ends with @<company>.com" can't be relied on to ensure the email is legit. So the rule of "don't click links in emails" is the only foolproof rule. Though you also need to add "don't copy and paste things from emails".

arghwhat 6 days ago | parent [-]

Yay for third-party email services that have the From: be a no-reply address from an entirely different company (and therefore only authenticity validation for that company), and a Reply-To: to some obscure mailbox from the supposed sender. I'm sure that makes perfect sense to most people.

> So the rule of "don't click links in emails" is the only foolproof rule.

The only truly foolproof rule is "don't open emails". Also helps a lot on mental health and associated expenditures!
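
The From:/Reply-To: mismatch described in the comments above, as an added example that is not part of the thread: a header check showing that a message can pass DKIM for the sending service while saying nothing about the company it claims to speak for. The sample message, the domains, the finding labels and the `check` helper are all constructed for illustration, and the alignment test is a simplified subdomain match rather than full DMARC organizational-domain logic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a third-party mailer sends on behalf of "corp.example".
SAMPLE = """\
From: "Corp Billing" <no-reply@mailer.example.net>
Reply-To: billing-team@corp-mail.example.org
To: user@example.com
Subject: Your invoice
Authentication-Results: mx.example.com; dkim=pass header.d=mailer.example.net; spf=pass smtp.mailfrom=bounce.mailer.example.net

See attached.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def check(raw, expected_org):
    """Compare From:, Reply-To: and the DKIM-authenticated domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    auth = msg.get("Authentication-Results", "")
    # Domains the receiving server reports as having a passing DKIM signature.
    dkim = [d.lower() for d in
            re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth)]
    findings = []
    if not belongs_to(from_dom, expected_org):
        findings.append("from-not-expected-org")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-from")
    if not any(belongs_to(from_dom, d) for d in dkim):
        findings.append("no-aligned-dkim")
    return {"from": from_dom, "reply_to": reply_dom,
            "dkim_domains": dkim, "findings": findings}

if __name__ == "__main__":
    print(check(SAMPLE, "corp.example"))
```

The sample authenticates cleanly as `mailer.example.net`, so "no-aligned-dkim" is absent, yet neither the From: nor the Reply-To: domain belongs to the organization the recipient expects.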