> On 12 Feb 2024, at 14:33, Sebastian Nielsen via mailop <mailop@mailop.org> > wrote: > > >>Do they also allow you to search for the original sender? > No not via sender search, as the encapsulated email is part of the BODY of > the container email. > So usually you have to search via body search.
So you are still changing the fundamental way email works. > > >>And, again, what is the overall benefit to the end user from this scheme? > Benefit is that email can be verified in a more streamlined way, which > minimizes phishing and spam, if no servers are authorized to use any other’s > email address, even if forwarding an email. > It benefits users in the long run, as less and less people will be scammed by > bank phishing and similar schemes, making email a more secure communication > medium, by using already established systems like SPF, DMARC and DKIM to > verify email’s legitimacy. Is this actually the case, though? I’ve heard a lot of folks claim that, somehow, SPF, DMARC and DKIM verify an email’s legitimacy. But we’ve seen how bad actors are currently sending malicious mail that pass SPF and DMARC or DKIM and DMARC. I mean, someone created a PayPal account and sent PayPal phish that passed DMARC. Other folks have used SPF escalation attacks to send DMARC passing phishing mail. These attacks are happening so how does breaking forwarding help the end user? What is to stop the bad actors from setting up systems where they are simply forwarders who create a fake email with SPF / DKIM and DMARC and then encapsulate it and forward it on to the end user? Additionally, most actual research shows that trust indicators simply don’t work for end users. I’ve seen studies related to email trust / brand indicators in the inbox not changing user behavior and there are lots of studies that show that’s the case with the web and the lock or the green bar or whatever type of SSL there is. So we have a situation where a) trust indicators can’t be trusted because they are already being exploited by bad actors to send SPF / DKIM / DMARC passing email and b) wrapping up an email and forwarding it through an untrusted source means authentication can be trivially forged, and c) trust indicators don’t actually work. In the face of those facts, what value does this bring to email? laura -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
