by ma2rten 2616 days ago
- Email coming from addresses to which I had already sent email. (!)

That is understandable. It is hard to validate if an email is authentic. SMTP has no authentication built in. Gmail can't just blindly accept all emails from addresses that you have already sent an email to.

EDIT:

Look at this example: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#...

Anyone can connect to relay.example.com and pretend to be bob@example.com.

3 comments

Not if you use SPF/DKIM/DMARC they can't, that's the whole point of those various additions.

All those "I hacked your email and sent you a message from your account" I don't get, because I have a DMARC policy that says if you don't pass SPF/DKIM then you get rejected. So try as the spammer might to connect to my mailserver and pretend to be me, they can't, because my mailserver sees they're not authenticated, and the mailserver they're sending from isn't in my SPF records, isn't signing the message with my DKIM key and therefore it gets rejected at the SMTP level.

That’s what SPF[1] is for, and optionally DMARC[2].

[1] https://en.wikipedia.org/wiki/Sender_Policy_Framework

[2] https://en.wikipedia.org/wiki/DMARC

Huh? If it's in the Spam folder, they do accept it.
I meant accept as not spam.