It’s about time emails will be signed by the sending domain and phishing-by-email is dead instantly.
That already exists, DMARC allows mandatory DKIM. It doesn't really work though, because the whole point of phishing is that users can't tell the difference between http://paypal.com and http://paypal-secure.com (FWIW, I hate DMARC, it causes a lot of collateral damage).
-
-
If I haven’t heard of it yet then nope. I agree with your point. I guess my assumption is people have basic context on real domain names which is wrong :( Maybe only certain manually certified domains should get the ability to sign.
-
That's where you get collateral damage - who's gonna approve your legitimate email server that's been serving 100 users for the last decade?
- 2 more replies
New conversation -
-
-
Spot on. DKIM can't be enforced globally&totally because it needs adoption. But phishing is indeed mostly about the content/intent detection.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.