why there is nothing like a “verified checkmark” for E-Mails of real companies like PayPal to distinguish their E-Mails from scams

1.54K views

why there is nothing like a “verified checkmark” for E-Mails of real companies like PayPal to distinguish their E-Mails from scams

In: 7499

69 Answers

1 2 3 6 7
Anonymous 0 Comments

There is at least for Gmail: Gmail will authenticate the sender of the email and display a “signed by/mailed by” like in the header if it passes those checks. This then becomes one factor used to identify and handle potential spam messages.

Anonymous 0 Comments

There is at least for Gmail: Gmail will authenticate the sender of the email and display a “signed by/mailed by” like in the header if it passes those checks. This then becomes one factor used to identify and handle potential spam messages.

Anonymous 0 Comments

In order for a system like that to work there needs to be a central authenticator. If there’s a central authenticator it’s going to be a for profit corp behind it. If it’s a corp then it’s going to show favoritism to its “trusted validated” companies. And that’s how you get threats to net neutrality. Does not having the trusted symbol mean you’re untrustworthy? Are smaller companies now at a disadvantage because they aren’t trusted?

Anonymous 0 Comments

There are also some companies I’ve had accounts with that will use a code word or phrase that they will always include in an email to you. That at least makes bad spoof jobs completely obvious, since they wouldn’t have that part on there.

Anonymous 0 Comments

There is at least for Gmail: Gmail will authenticate the sender of the email and display a “signed by/mailed by” like in the header if it passes those checks. This then becomes one factor used to identify and handle potential spam messages.

Anonymous 0 Comments

In order for a system like that to work there needs to be a central authenticator. If there’s a central authenticator it’s going to be a for profit corp behind it. If it’s a corp then it’s going to show favoritism to its “trusted validated” companies. And that’s how you get threats to net neutrality. Does not having the trusted symbol mean you’re untrustworthy? Are smaller companies now at a disadvantage because they aren’t trusted?

Anonymous 0 Comments

In order for a system like that to work there needs to be a central authenticator. If there’s a central authenticator it’s going to be a for profit corp behind it. If it’s a corp then it’s going to show favoritism to its “trusted validated” companies. And that’s how you get threats to net neutrality. Does not having the trusted symbol mean you’re untrustworthy? Are smaller companies now at a disadvantage because they aren’t trusted?

Anonymous 0 Comments

There is. The primary problem is that people don’t always take time to actually look.

Each domain, like example.com can “blue check” their outgoing emails. Many mail servers will even reject incoming mail that doesn’t have the “verified check mark”.

The problem is that humans see an email, with the “blue check” from instascam.com saying their instantgram account is locked, click the link to instascam, their browsers loads the instascam webpage that they then enter their credentials into.

More details on how sent emails are verified. https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/

Anonymous 0 Comments

There are also some companies I’ve had accounts with that will use a code word or phrase that they will always include in an email to you. That at least makes bad spoof jobs completely obvious, since they wouldn’t have that part on there.

Anonymous 0 Comments

There are also some companies I’ve had accounts with that will use a code word or phrase that they will always include in an email to you. That at least makes bad spoof jobs completely obvious, since they wouldn’t have that part on there.

1 2 3 6 7