{"p":"","h":{"iv":"ROXSYW+cfvEbFHu5","at":"ocxplSQjdRC3tXEtB/9/wg=="}}

@darius FWIW email is a lot more secure, on average, than people give it credit for. It doesn't break in the nice clean way that e.g. spoofed TLS would, but in practice if you try to blast out plaintext SMTP forged from: headers these days, you get blackholed into oblivion 99% of the time. servers are also using TLS between each other and so grabbing messages off the wire is not trivial either.

1
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
Darius Kazemi

@glyph right, and ActivityPub has similar protections built in for forged from fields and the like. The core insecurity of "Google can hand your plaintext email to the cops" is analogous to "admins can read your DMs" that people on here are always bringing up

1
1y
Replies