A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • @[email protected]
    link
    fedilink
    61 year ago

    SPF/DKIM/DMARC does not prevent sending the spoofed message, though. It is up to the recipient system to filter out the message should the checks fail. Even then, the message often lands into spam instead of being dropped.

    • My Password Is 1234OP
      link
      31 year ago

      Anyway they should configure their systems to reject unsigned e-mails and providers that don’t have a proper SPF configuration. SPF (Sender Policy Framework) allows you to make sure that the message was sent by an approved server and was not forged by some hackur.

      • @[email protected]
        link
        fedilink
        41 year ago

        You’d be surprised how many legitimate email are sent with failed SPF. Even Microsoft sometimes doesn’t update their MX records and the SPF fails.

        • @[email protected]
          link
          fedilink
          11 year ago

          That is especially true with large organizations where multiple non-technical teams are ordering/configuring products that send email.

          Unfortunately it is difficult to solve, unless services stop allowing sending without verifying and forcing proper configuration. That would drive sales to competitors who do not enforce this, though.