by taneq 252 days ago
TBH this is probably the best argument for actually conducting phishing pentests. It shuts up the technical users who think they're too smart to need the handrails and safety nets that the IT department set up for the rest of the average plebs who work there.

(Speaking as one of the technical users here. Of course, it wouldn't happen to ME! :P )

3 comments

If you never read your emails, it's hard for them to get you with phishing emails.
If you've got email filters set up that sort emails by (dkim-verified) sender into folders, phishing becomes immediately obvious as you start to wonder why it isn't sorted into the right folder.
I'd heard that the spammers are better at using DKIM correctly than legitimate users nowadays... ?
I dunno, if I get phishing emails in my inbox I feel like a certain team has already failed. We have a firewall that blocks anything non-approved. Do the same thing with emails.
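
The folder-sorting filter mentioned in the thread above, sketched as an added example that is not code from any commenter: a message is filed only when a passing DKIM signature comes from the domain shown in From, so a valid signature from some other domain still lands in the inbox. Assumptions: the authserv-id `mx.corp.example`, the folder rules and the sample messages are constructed, and your receiving MTA removes inbound `Authentication-Results` headers that carry its own id.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id your own receiving MTA stamps (hypothetical name).
TRUSTED_AUTHSERV = "mx.corp.example"
# Hypothetical rules: DKIM signing domain -> folder.
FOLDER_RULES = {"bank.example": "Finance", "forge.example": "Dev"}

def dkim_pass_domains(msg, authserv=TRUSTED_AUTHSERV):
    """d= domains with dkim=pass, read only from headers our own MTA wrote."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in " ".join(value.split()).split(";")]
        # Ignore results stamped by any other server; the sender controls those.
        if parts[0].split()[:1] != [authserv]:
            continue
        for result in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d=([^\s;]+)", result, re.I)
                if m:
                    domains.add(m.group(1).lower().rstrip("."))
    return domains

def folder_for(raw, rules=FOLDER_RULES):
    """Pick a folder only when a passing signature aligns with the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for d in dkim_pass_domains(msg):
        aligned = from_domain == d or from_domain.endswith("." + d)
        if aligned and d in rules:
            return rules[d]
    return "Inbox"  # unverified or unknown sender stays where it stands out

# Constructed sample messages (not real mail).
BODY = "Subject: Your statement\n\nPlease review.\n"
GENUINE = ("Authentication-Results: mx.corp.example; dkim=pass header.d=bank.example\n"
           "From: Bank <alerts@bank.example>\n" + BODY)
OTHER_SIGNER = ("Authentication-Results: mx.corp.example; dkim=pass header.d=mailer.example\n"
                "From: Bank <alerts@bank.example>\n" + BODY)
FORGED_RESULT = ("Authentication-Results: mx.other.example; dkim=pass header.d=bank.example\n"
                 "From: Bank <alerts@bank.example>\n" + BODY)

if __name__ == "__main__":
    for name in ("GENUINE", "OTHER_SIGNER", "FORGED_RESULT"):
        print(name, "->", folder_for(globals()[name]))
```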