It’s because of something called DKIM. DKIM tells the receiving email server is fully authorized. I can’t do DKIM as well, I don’t have control over the glitch.me DNS records.
Someone can use this for bad purposes like emailing from a domain that they don’t own like my domain, nicsena.tk by using this project and they can pretend to be me or someone else at a domain too.
You’re both right, but that’s not the fault of aboutDavid’s project, it’s just a design feature of email generally. You can make an email appear to come from any address in the world, and it’s always been pretty easy to do so (with or without this project).
The burden is on email clients like Gmail, Outlook etc. to tell you whether or not an email is legitimate, and that’s why standards like DKIM exist. Emails that fail DKIM will usually go straight to junk/spam.
tl;dr - Not aboutDavid’s fault, it’s email’s fault. It’s always been this way. But it’s ok
IIRC ff the glitch.com domain has spf and dkim records in their DNS settings it should pretty much be impossible for anyone to spoof the email address.
EDIT Not impossible, more like the receiving end would verify that the email was actually sent by glitch.com and not some random place. A decent email provider will reject a mail that fails the dkim signature.
Yes, you’re right. But this could still happen to other business emails made by small organizations, new coders, and others. Like, i could be sending out random emails pretending to be big youtubers like Pewdiepie or DanTDM.
Now this was just an example, like, imagine people falling for this. I do not think this should happen - like, aboutDavid needs to put some kind of security measures to prevent this.
Absolutely! I just thought it would be a good idea to point out it is possible to protect oneselves against email spoofing
I wish there was some sort of signature check for how SMS and MMS work, phone number spoofing and phone label spoofing is way too simple! The SMS and MMS protocols could use an update XD