
I wish we would have more intelligent email clients, that can be as "dumb" as remembering the email addresses and geolocation routes from their senders.

It literally could be a simple ASN lookup, and you would prevent 99% of targeted phishing emails.

Nobody in the world uses some random domain.trade to send emails as company.com ffs.

Microsoft is kind of not giving a damn about security and I don't understand why they do not invest in Outlook security that much. To me this is straight up offensive how they behave.

How can it be that a VBA exploit from 2003 can still compromise an updated system in 2023?



> Nobody in the world uses some random domain.trade to send emails as company.com ffs.

Lots of emails come via mail delivery services... random domains (sendgrid, amazonses, mailchimp).

Many phishing attempts can be defeated by SPF[0] (the servers that are allowed to send email for this domain), DKIM[1] (proof that it was sent from a domain, and not tampered with), and DMARC[2] (what to do if the email fails SPF/DKIM). Many virus scanners and spam filters pay attention to these, but your mail service can filter mail by it too.

The other piece is seeing `FROM` (just a mail header, spammers will set this to what they're pretending to be) vs `Reply-To` (if you reply this is the address the message will be sent to, for spam this is often unrelated to the content, e.g. random1222@example.com) vs `Return-Path` (who sent the email). This is sort of like the `raw domain` vs `internationalized domain` (allowing UTF8 similar characters to spoof a domain) vs `hiding the URL` problem in the browser.

[0]: https://en.wikipedia.org/wiki/Sender_Policy_Framework

[1]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

[2]: https://en.wikipedia.org/wiki/DMARC
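
Added example, not part of either comment above: a header check a mail filter could run, comparing the `From`, `Reply-To` and `Return-Path` domains and reading the SPF/DKIM/DMARC verdicts from `Authentication-Results`. It assumes your own receiving server stamps that header with the hypothetical authserv-id `mx.recipient.example`; both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: id stamped by your own MX

def domain(value):
    """Lowercased domain of an address header; '' if absent or malformed."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg):
    """spf/dkim/dmarc results from the Authentication-Results headers we trust."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # any upstream sender can forge this header; skip foreign ones
        for clause in results.split(";"):
            method, _, rest = clause.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest.split():
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def check(raw):
    """Return a list of findings for one raw message (only headers are needed)."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    findings = []
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc} for From domain {from_dom}")
        # A Return-Path on another domain is normal for mail delivery services,
        # so it only counts when DMARC did not vouch for the From domain.
        rp = domain(msg["Return-Path"])
        if rp and rp != from_dom:
            findings.append(f"Return-Path domain {rp} != From domain {from_dom}")
    reply = domain(msg["Reply-To"])
    if reply and reply != from_dom:
        findings.append(f"Reply-To domain {reply} != From domain {from_dom}")
    return findings

# Constructed samples: a spoofed sender, then legitimate mail via a delivery service.
SPOOFED = ("From: Company Billing <billing@company.com>\n"
           "Reply-To: random1222@example.com\n"
           "Return-Path: <bounce@domain.trade>\n"
           "Authentication-Results: mx.recipient.example; spf=pass "
           "smtp.mailfrom=domain.trade; dkim=none; dmarc=fail header.from=company.com\n")
VIA_ESP = ("From: Company News <news@company.com>\n"
           "Return-Path: <bounces@esp.example>\n"
           "Authentication-Results: mx.recipient.example; spf=pass "
           "smtp.mailfrom=esp.example; dkim=pass header.d=company.com; dmarc=pass\n")
```

`check(SPOOFED)` returns three findings, while `check(VIA_ESP)` returns none even though its `Return-Path` is on a different domain, because DMARC passed for the `From` domain.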



