On 2022-03-21 11:43, Sebastian Nielsen via mailop wrote:
  But if Microsoft got fined for every phishing email that escaped

This would QUICKLY kill every free email service, and every email service would 
become pay-only, to cope with the fines. Probably with obligation-to-pay 
contracts too, so they can forward the fine down to the user that sent the spam 
(Meaning you would need to have a credit rating to be able to use email, 
meaning those on social security without income wouldn't be able to get email, 
as you would need to be able to get a credit card, to get email).

The best solution I would propose, is that Email should slowly transition to a requirement that 
the address inside "MAIL FROM:" and "From:" header in mime data, *must* exactly 
match.

And a standard that MUAs (including mobile MUAs) must clearly show the email 
address more prominently than the name of sender, UNLESS the user has positively 
added the sender into contact book. (In the same way that browsers now 
show the SLD and TLD in another highlighted color prominently to combat 
phishing in the form of mybank.tld.somephishingdomain.tld variant of phish)


Seriously? Using Hotmail/Google is NOT FREE.. (Haven't seen the number lately, but was somewhere around $2/3 dollars a mailbox Gmail claimed to be making I seem to recall)

They can afford to spend more money on outbound spam/threat detection.

Accurate MAIL FROM (matching the actual authenticated user) is always a good recommendation, but there are many reasons that can't work, as the From header represents an 'identity' and not the user..

What was Digital Ocean's recent market cap?

But yes, small screen real estate, and 'user friendly' concepts have made it so that end users are more easily fooled.. But the email providers have a role to play in ensuring those kinds of forgeries don't get in front of the users.

And Banks who use a 3rd party sender that doesn't clearly identify themselves, or an AWS instance that doesn't have reverse DNS, I mean really? Are we THAT short of talented engineers?

In the end, it isn't the Bank that suffers, it is the end user.. "Well, that transfer occurred from your phone".







--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
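
The exact-match rule proposed in the quoted text, and the reply's objection that the From header is an identity rather than the sending user, as an added example (not part of the thread and not either poster's code). It compares the SMTP envelope sender with the header From; every address and message is constructed, and the verdict names are assumptions of this example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def normalize(addr):
    # Domains are case-insensitive; local parts are left untouched.
    local, sep, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}" if sep else addr

def check_sender_match(mail_from, raw_message):
    """Compare the SMTP envelope sender with the single header From address."""
    msg = message_from_string(raw_message)
    from_values = msg.get_all("From", [])
    authors = [a for _, a in getaddresses(from_values) if a]
    if len(from_values) != 1 or len(authors) != 1:
        return "reject"              # missing, repeated or multi-author From
    envelope = normalize(parseaddr(mail_from)[1])
    header = normalize(authors[0])
    if not envelope:
        return "no-envelope-sender"  # null reverse-path "<>", used by bounces
    if envelope == header:
        return "exact-match"         # what the proposed rule would require
    if envelope.rpartition("@")[2] == header.rpartition("@")[2]:
        return "same-domain"         # e.g. a per-recipient bounce address
    return "mismatch"

# Constructed samples: (MAIL FROM argument, message as received).
SAMPLES = {
    "direct": ("<alice@example.com>",
               "From: Alice <alice@Example.COM>\nSubject: hi\n\nhello\n"),
    "bounce-address": ("<bounces+42@example.com>",
                       "From: News <news@example.com>\n\nissue 42\n"),
    "mailing-list": ("<list-bounces@lists.example.org>",
                     "From: Alice <alice@example.com>\n\nvia the list\n"),
    "third-party-sender": ("<b-1001@mailer.example.net>",
                           "From: Bank <alerts@bank.example>\n\nstatement\n"),
    "dsn": ("<>", "From: Mailer <postmaster@example.com>\n\nfailed\n"),
    "two-authors": ("<a@example.com>",
                    "From: a@example.com, b@example.com\n\nhi\n"),
}

def classify_samples():
    return {name: check_sender_match(*s) for name, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:20} {verdict}")
```

Only the "direct" sample passes an exact-match requirement; the mailing-list and third-party-sender samples land in the same "mismatch" bucket a forged From would.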
