Reply to post: Re: Email is absolutely broken...

Email security crisis... What email security crisis?


Re: Email is absolutely broken...

To secure YOUR sending emails you'll need the SPF/DKIM/DMARC trio applied - but that doesn't stop fraudulent email from coming in to you. In addition to setting up your own email receipt rules (like how can an email purporting to be from your own business be coming in from outside your domain) you need every other email sender to apply the trio - and/or use (read pay for) a propriety protection or alert system. Which is a growing industry.

The IETF have had plenty of time - and examples - to examine how broken email RFCs are and, along with the apwg and MAAWG, could have started to address some of issues (like checks on the header from address in addition to the envelope from address, IP/domain chains....). But perhaps they have realised that as use of email has progressed beyond that envisaged that it may be easier to try to educate to end user. Unfortunately that cannot be applied in many cases.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020