|
|
|
|
|
|
by godelski
457 days ago
|
|
|
I can tell you that there's LLM spammers that are pretty good at getting around even Gmail's spam detection. I know because I get them on a near weekly basis and Google refuses to do anything about it despite them being easily filterable and a naive bayes filter could catch. The email looks like typical spam but the source is flooded with benign messages that are also highly generic like password reset stuff or something you'd see from a subscription. But they all involve different email addresses and so they look highly suspicious. I point this out because this makes a very obvious attack, where people can hide tons of junk and injections in the email source that you wouldn't see when opening the email. And how many of the filter systems in place are far from sufficient. So yeah, exactly as you said, giving the ability for these things to act on your behalf without doing verification will just end in disaster. Probably fine 99% of the time, but hey, we also aren't going to be happy paying for servers that are only up 99% of the time. And there sure are a lot of emails... 1% is quite a lot... |
|
|