• Emotet@slrpnk.net
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    6 months ago

    It still amazes me that the security concept against spoofing a number for phone calls and SMS is “Please don’t do that, it’s illegal”.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      6
      ·
      6 months ago

      Well, then you probably don’t want to learn more about email…

      • pastermil@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        6 months ago

        Aren’t there more security measures in ensuring email credentials (assuming the user holds up their end)?

        • Emotet@slrpnk.net
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          Protocols to authenticate email senders exist, e.g. SPF and DKIM. Mostly an enterprise thing, though.

          • MetaCubed@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            1
            ·
            edit-2
            6 months ago

            Unless I’ve seriously lost what “an enterprise thing” is nowadays, I wouldnt call SPF and DKIM (and DMARC for that matter) “mostly an enterprise thing” considering:

            • They are security measures implemented by default with all freemail providers

            • Almost all mail systems will block or flag any mail which isnt at least SPF authenticated

            • Gmail and yahoo now aggressively require DKIM and DMARC to be configured in order for mail to be delivered if delivered in bulk (this is in addition to their past SPF requirements)

            • We (my company) consider it a mandatory now in 2024 to guarantee mail delivery, even for our smallest clients.

            • BarbecueCowboy@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              6 months ago

              A lot of smaller businesses just aren’t bothering to deal with it right now, relying on getting the opposing IT department to just whitelist their address is apparently working for them with their mail volume. I am talking smaller businesses, but also not mom and pop stores, we’re talking national chains, etc. that just don’t care about the impact. That is also assuming that whoever manages the receiving mail server has even managed to keep a policy to block items that fail SPF/DKIM in the first place.

              Gmail and Yahoo are pushing and I love that, but they’re just a bit ahead of the game.