What about the email client?

There are a lot of folks in the email industry that take issue with my stance that DMARC is not a viable solution to phishing. DMARC, at it’s absolute best, addresses one tiny, TINY piece of phishing.

Look at this message I received today. My mail client presents this as from Quickbooks and hides the actual from email address from me. Most mail clients do that by default. It is possible to change this in some clients, like desktop mail.app. But a lot of clients simply take the choice away from the user.

Screenshot of a phishing email claiming to be from Quickbooks taken from the iPhone email application.

Mail clients are the biggest barrier to stopping phishing. As long as they hide the actual email address, users will be unable to tell when a message is actually phishing.

Click to rate this post!
[Total: 0 Average: 0]

Check Also

stop-obsessing-about-open-rates

Stop obsessing about open rates

In 2020: 250OK says open rates were much lower than ESPs report. The Only Influencers list hosts a discussion about the value and use of open rates. A potential client contacts me asking if I can get their open rates to a certain percentage.A client shows me evidence of 100% inboxing but wants to improve their open rate.An industry group runs sessions at multiple meetings…

>