this post was submitted on 26 May 2025
2 points (100.0% liked)

Cybersecurity

30 readers
5 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 2 years ago
MODERATORS
shellsharks@fedia.io
tweedge@fedia.io
2
I received an "important email" from #Dreamhost about my domain registration. You'd think that #email security would be paramount for them. (hear-me.social)
submitted 2 months ago by Jerry@hear-me.social to c/cybersecurity@fedia.io
1 comments fedilink hide all child comments
 

I received an "important email" from #Dreamhost about my domain registration. You'd think that #email security would be paramount for them.

They have no DKIM setting, so it's impossible to see if the email was tampered with in transit and if it was sent by the claimed sender. And, their DMARC policy is p=none, which tells email providers, "don't do anything special if you can't verify me".

Their dreamhostregistry.com domain is wide open for spoofing because they've configured it to be wide open for spoofing.

How can a web hosting company be so lax about email security? How can I trust emails they send to me if I have no assurance they sent it, and it wasn't modified in transit?

#Cybersecurity #DKIM #SPF #Spoofing #EmailSecurity

you are viewing a single comment's thread
view the rest of the comments
[–] Jerry@hear-me.social 2 points 2 months ago

OMG. It gets worse. The link in the email doesn't go back to their own domain, or even one they control. It points to a 3rd party domain owned by Tucows called name-services.com.

They are training customers to let down their guard when using the link from an email they supposedly send. A scammer can get a similar domain name to easily fool people to click the link since customers have been taught there's a 3rd party link.

They've done everything wrong relating to email security, and they are a web hosting company that should do everything right.