Shared publicly  - 
Well, what appeared to be mail from a headhunter anyway.  But the irony here is that DKIM is much less useful in preventing these kinds of (spam-related, human engineering) attacks than might be thought, since (a) most sites -- including legit ones -- don't routinely support it, and (b) most email recipients are largely oblivious to any associated warnings.  So, while DKIM indicating a problem with mail from the domain might be noticed by some users running compatible MUAs (Message User Agents), mail coming from a forged, non-DKIM supporting domain like would probably be accepted as reasonable by many or most recipients. - Lauren
Fernando José Mosquera Miranda (Fer Mosquera)'s profile photoMichael Bennett's profile photoDerek Pennycuff's profile photoJessica Obermayer's profile photo
I love stories like this. The more you know the more you find out you don't know. Digging in the dirt or digging in the code.
Add a comment...