On 2023-07-12 at 18:53:31 UTC-0400 (Wed, 12 Jul 2023 15:53:31 -0700)
Michael Peddemors via mailop <mich...@linuxmagic.com>
is rumored to have said:
On 2023-07-12 12:53, Jaroslaw Rafa via mailop wrote:
Most of regular consumer email users don't have any reason for this.
As Bill
Cole, whom I was replying to, wrote - nobody would try to impersonate
you or
me in a phishing campaign for financial gain, because there won't be
any.
hehehe.. they do it all the time.. It's your contacts that will fall
for it, and it will probably be to place a trojan.. and clean out
THEIR data, and banking information..
I've been having waves of both random and targeted email forgeries for
25+ years. I've had my personal mailserver knocked offline by the
bounces of a spam run that used entirely invented scconsult.com
addresses. The price of using Usenet for over a decade with a real email
address.
I've never had a personal or professional contact tell me that they've
received mail forged to appear to be from me. Not using my personal nor
professional email addresses. I have no secondary evidence of that
either. Maybe that's because all of my contacts know that I don't send
anyone random message or anything in HTML so they just ignore it, but I
doubt that. It just does not happen. I don't believe that I am special.
I am not saying that random people don't hit the bad luck lottery like
this every day, just that most people will never have it happen to them
while some people will see a lot of it.
Trust me, fought the whole SPF for a long while, it was 1/2 baked..
but when a bank or a large instition publicizes a clean SPF record..
honour it.. they will be forged more..
Yes. That's what SPF is good for: protecting senders of high-value mail
from forgery.
I don't ignore SPF/DKIM/DMARC entirely, but they are very low-value
tests in differentiating between legitimate and illegitimate email
relative to their processing cost. They only provide usable in formation
for those domains that one already is familiar with.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
