this post was submitted on 12 Apr 2025
1 points (66.7% liked)

Cybersecurity

30 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
shellsharks@fedia.io
tweedge@fedia.io
1
Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to (hear-me.social)
submitted 4 months ago by Jerry@hear-me.social to c/cybersecurity@fedia.io
2 comments fedilink hide all child comments
 

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to create a security system so easily disabled.

But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.

It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.

Am I wrong?
#CyberSecurity #EmailSecurity

you are viewing a single comment's thread
view the rest of the comments
[–] faebudo 1 points 4 months ago

Yes, when setting up their own domain they can as well set the dmarc policy to reject and add valid spf and dkim records. They also do this sometimes.