On 08/12/2020 10:27, Rich Kulawiec via mailop wrote:
> - It's no help with phishing: thanks to ICANN, registrars, and the proliferation of TLDs, phishers have their choice of hundreds of millions of typographically similar domains. Or they can just use freemail providers and rely on the gullibility of recipients.
"Typographically similar" is not "identical". Yes, many people will be fooled by "typographically similar", but not everyone. SPF (and DKIM) allow you to verify to some level of certainty that the sender is who they say they are if you want to try. Without them, you have no chance.
Similarly, if you use a CRM or similar, then "typographically similar" won't fool them, but a spoofed sender will.
Verifying the sender is who they say they are is valuable, even if some people are fooled by messages from "b...@micr0soft.com".
I've had to deal with customers who have lost large amounts of money because of spoofed emails, even though they checked that the sender's email address was valid. If the sender had used SPF or DMARC, it wouldn't have happened. Yes, in hindsight they should have checked bank details offline, but lots of people don't realise that email addresses can be forged so easily; anything that makes it harder is a good thing.
-- 
Paul
Paul Smith Computer Services
supp...@pscs.co.uk - 01484 855800
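An added example, not part of the original message: a receiver-side check that separates the two cases discussed above, a forged sender on a known domain (caught only by the DMARC verdict) and a look-alike domain (caught by exact matching against known contacts, even when it passes DMARC for itself). The authserv-id `mx.receiver.example`, the allow-list, the 0.85 similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example: the receiving MTA stamps Authentication-Results
# with this authserv-id, and the allow-list stands in for a CRM's known contacts.
TRUSTED_AUTHSERV = "mx.receiver.example"
KNOWN_DOMAINS = {"microsoft.com", "pscs.co.uk"}

def dmarc_verdict(msg):
    """Return the dmarc= result stamped by our own MTA, or None if absent."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header from another host could be forged by the sender
        for part in results.split(";"):
            method, _, rest = part.strip().partition("=")
            if method.lower() == "dmarc" and rest:
                return rest.split()[0].lower()
    return None

def classify(raw):
    """Classify a raw message by From domain and the trusted DMARC verdict."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in KNOWN_DOMAINS:
        # Exact match: only authentication separates the real sender from a forgery.
        return "trusted" if dmarc_verdict(msg) == "pass" else "spoofed-known-domain"
    if any(SequenceMatcher(None, domain, k).ratio() >= 0.85 for k in KNOWN_DOMAINS):
        # A look-alike can pass DMARC for itself; the exact match is what catches it.
        return "lookalike-domain"
    return "unknown-sender"

def sample(from_addr, auth_results):
    """Build a constructed test message (not real mail)."""
    return (f"From: {from_addr}\nAuthentication-Results: {auth_results}\n"
            "Subject: Invoice\n\nPlease update our bank details.\n")

GENUINE = sample("Bob <bob@microsoft.com>",
                 "mx.receiver.example; spf=pass; dmarc=pass header.from=microsoft.com")
SPOOFED = sample("Bob <bob@microsoft.com>",
                 "mx.receiver.example; spf=fail; dmarc=fail header.from=microsoft.com")
LOOKALIKE = sample("Bob <bob@micr0soft.com>",
                   "mx.receiver.example; spf=pass; dmarc=pass header.from=micr0soft.com")
FORGED_AR = sample("Bob <bob@microsoft.com>",
                   "mx.other.example; dmarc=pass header.from=microsoft.com")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "LOOKALIKE", "FORGED_AR"):
        print(name, "->", classify(globals()[name]))
```

A production check would use the platform's own DMARC evaluation and strip inbound Authentication-Results headers at the border rather than relying on this simplified header parse.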