There is. The primary problem is that people don’t always take time to actually look.
Each domain, like example.com can “blue check” their outgoing emails. Many mail servers will even reject incoming mail that doesn’t have the “verified check mark”.
The problem is that humans see an email, with the “blue check” from instascam.com saying their instantgram account is locked, click the link to instascam, their browsers loads the instascam webpage that they then enter their credentials into.
More details on how sent emails are verified. https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/
Latest Answers