by pwg 2621 days ago
> My question: is it unreasonable of me to expect my email provider does not allow email sender fraud?

Yes, because you expect something that is not possible given how SMTP email is designed. Sender spoofing is trivial to perform and unless the recipient has sufficient technical knowledge to detect the spoof (they don't need much technical knowledge, but they do need some) the recipient will not know one from another.

You validate that your emails did in fact get sent by you by GPG (https://www.gnupg.org/) signing them when you send them, and having the recipients know enough to be able to verify the GPG signatures.

1 comments

Wouldn’t the spoofing issue be resolved by having SPF records, the receiving mail providers validating SPF, and the origin mail provider requiring auth for their SMTP server?

That would seem to ensure the sender without requiring end users to manage GPG keys or validate signatures.