Well, what appeared to be mail from a headhunter anyway.  But the irony here is that DKIM is much less useful in preventing these kinds of (spam-related, human engineering) attacks than might be thought, since (a) most sites -- including legit ones -- don't routinely support it, and (b) most email recipients are largely oblivious to any associated warnings.  So, while DKIM indicating a problem with mail from the citi.com domain might be noticed by some users running compatible MUAs (Message User Agents), mail coming from a forged, non-DKIM supporting domain like citi-banking.com would probably be accepted as reasonable by many or most recipients. - Lauren
Shared publiclyView activity