cR0w

joined 2 years ago
sorted by: new top controversial old
Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to in c/cybersecurity@fedia.io
[โ€“] cR0w@infosec.exchange 1 points 4 months ago

@jtrentadams@infosec.exchange @tehfishman@ioc.exchange @jerry@my-place.social I thought we were cool until you invited me to join an IETF conversation. ๐Ÿ˜‰

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to in c/cybersecurity@fedia.io
[โ€“] cR0w@infosec.exchange 2 points 4 months ago (2 children)

@tehfishman@ioc.exchange @jerry@my-place.social You make a good point and I appreciate you taking the time to provide more nuance than I was willing to. I agree that the the protections we currently have in place such as SPF, DMARC, and DKIM can be used to protect recipients if they're willing to accept some business risk such as losing inbound emails. I've been implementing them myself on personal domains as well as at $dayjob now that the big platforms are threatening to do the same. It has definitely helped.

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to in c/cybersecurity@fedia.io
[โ€“] cR0w@infosec.exchange 2 points 4 months ago (4 children)

@jerry@my-place.social Nope. Not wrong. Exactly that. But imagine the millions ( billions? ) in profits that would be missed if security was engineered rather than a paid add on.