Mark London <m...@psfc.mit.edu> writes: > Alan, you’ve pointed out the issue with the scam emails. Specifically > with the phone number. Venmo emails are doing something similar. I’m > sure thst PayPal and Venmo will not do anything to stop these. PayPal > knows about it. They have warnings on their website about the > scams. That’s all they will do.
If paypal is allowing user-generated content to leave @paypal.com with valid DKIM, then they should be immediately removed from default WL. The usual responsible practice is to have a separate domain for customer mails and company-originated mail. E.g. verizon.com vs verizon.net, google.com vs gmail.com.
