The username on the domain doesn't matter, only the domain itself.
Of course it matters if it means that it wasn't actually sent from the domain in the first place and there were no "hacks" involved. You said "emails sent from your domain..." but you do know the "From" address in standard email is utterly meaningless from a security perspective, right? You can just
sendmail -f any.address@example.com any.target@example2.com < email.txt
and that's it. There are ways to mitigate that these days and someone can always examine the headers of something suspicious but a lot of older desktop clients and mailservers won't. Your entire (dubious and uncited) assertion rests on an assumption that it was in fact "sent from their domain". If someone forged it instead then it doesn't even get into law at all, OP simply had nothing to do with it, period. Their account wouldn't have been hacked, neither they nor their kit would have any involvement.
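What "examining the headers" can look like on the receiving side, as an added example that is not part of the thread: it reads the Authentication-Results header written by the recipient's own mail server and checks whether any passing SPF or DKIM identity matches the domain shown in "From". The messages, the server name `mx.example2.com` and the simplified subdomain-based alignment rule are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples. In FORGED the visible From claims example.com, but the
# envelope sender (what `sendmail -f` sets) belongs to another domain.
FORGED = """\
Authentication-Results: mx.example2.com;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Any Address" <any.address@example.com>
To: any.target@example2.com

body
"""
GENUINE = FORGED.replace("mailer.example.net", "example.com") \
                .replace("dkim=none", "dkim=pass header.d=example.com") \
                .replace("dmarc=fail", "dmarc=pass")

def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def aligned(a, b):
    # Simplified relaxed alignment (assumption): equal, or one is a subdomain.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw, trusted_authserv):
    """Return the From domain, the DMARC verdict and whether any passing
    SPF/DKIM identity aligns with the From domain."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    result = {"from_domain": from_dom, "dmarc": "none", "aligned": False}
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(hdr.split()).split(";")]
        # Only trust results stamped by our own server; a sender can add
        # Authentication-Results headers of their own.
        if parts[0].lower() != trusted_authserv:
            continue
        for p in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)\s*(.*)", p)
            if not m:
                continue
            method, verdict, rest = m.groups()
            if method == "dmarc":
                result["dmarc"] = verdict
            ident = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", rest)
            if method != "dmarc" and verdict == "pass" and ident:
                dom = ident.group(1).rpartition("@")[2].lower()
                result["aligned"] |= aligned(dom, from_dom)
    return result
```
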
But if you don’t check the email headers, emails are easy to spoof, hell, I did it when I was a kid...
That would be the argument as to why the domain owner would have a duty of care when also using the domain to send legitimate business email. Again I'm not saying there is a duty of care here, I'm just saying that it's not obvious to me that there isn't one.
E.g. employers are on the hook for damages due to sexual harassment among their employees, but that doesn't mean you can sexually harass yourself and then automatically collect free money.