Kind: Replies

Excellent.

Have you gotten your package yet? I thought I saw something about you getting a package while I was scrolling earlier this morning.

Hi Nick.

@jcsteh @Bruce This. All of it.

@jcsteh @Bruce This. All of it.

Yeah there is that.

We finally got some test results on her yesterday and it's not awesome, but she'll probably eventually get out of the hospital, at least for a little while.

I guess I'm doing OK. The last two weeks have been crazy because my mom's been in the hospital and I've been coordinating between people in multiple states who won't talk to each other, and then my uncle died suddenly last week which means more coordinating, so getting buried in the technicalities of email is kind of a nice change lol.

@FreakyFwoof @Bruce @jcsteh If the email is one character off from what it should be then that email from the misspelled email address is absolutely not legitimate. Email addresses must be typed correctly in order to either reach the intended recipient, or in this case, be sent from the proper domain if you're trying to pretend your a government or Google or Amazon or whoever. That part, at least, is part of the RFCs governing email.

@carrottop1023 @Bruce @jcsteh Since about 2010 or so you cannot send mail via a domain's SMTP server without authenticating, authorizing, and in the case of mass sending services, ensuring the appropriate DNS records are in place at the domain level, unless you've specifically stood up your own server and turned all the authentication/authorization stuff off. So yes you can spoof an email address, but it's nowhere near as simple as spoofing a phone number, and it's also why you often see email addresses in the from field with a character off in either the username or the domain.

Yeah I know the feeling.

No worries you're fine. Aos I forgot to mention governments in my post earlier about who can ironically still be trusted to not abuse the use of name as a verification method.

No worries you're fine. Aos I forgot to mention governments in my post earlier about who can ironically still be trusted to not abuse the use of name as a verification method.

Oh you should totally disregard emails that start with "dear valued customer". To add some context to this, what Jamie and I are thinking of when we hurl invective at this practice is the specific attempt by recruiters and marketers and the like to get extra chummy with us by pretending to be interested in us by way of some cute reference to our name, which happened after governments made a valiant attempt to counter the effects of spam by trying to provide average users with an easy way to verify that an email was from who it was supposed to be from. The problem is that policymakers didn't think through all the ways this would be misused or how easy it was to spoof and co-opt.

Oh you should totally disregard emails that start with "dear valued customer". To add some context to this, what Jamie and I are thinking of when we hurl invective at this practice is the specific attempt by recruiters and marketers and the like to get extra chummy with us by pretending to be interested in us by way of some cute reference to our name, which happened after governments made a valiant attempt to counter the effects of spam by trying to provide average users with an easy way to verify that an email was from who it was supposed to be from. The problem is that policymakers didn't think through all the ways this would be misused or how easy it was to spoof and co-opt.

Ironically, I think Paypal and Amazon are the only orgs that have managed to still maintain trust when it comes to inserting the user's name as a form of verification.

Ironically, I think Paypal and Amazon are the only orgs that have managed to still maintain trust when it comes to inserting the user's name as a form of verification.

The problem, at least with the verification purposes, is that the name insertion is the easiest part to spoof, which is why marketers were able to coopt it and ruin everything. If you want to verify the email is legitimate, you're better off checking the sending domain.

Weather Gods is an awesome app.

It goes on here too. If I had a dollar for every Mastodon post containing an outrageous tale where the most it has is an unverifiable screen shot, I'd never have to work again.