Hacker News new | past | comments | ask | show | jobs | submit login

> if they use a reputable bulk mailing service

If they use a reputable bulk mailing service instead of using their first-party domain then they are indistinguishable from a phishing attack.




> If they use a reputable bulk mailing service instead of using their first-party domain then they are indistinguishable from a phishing attack.

With most bulk mailing services, the message will come from the "first-party domain". They will have configured that service as a legitimate sender for the domain via SPF/DKIM DNS records.


> With most bulk mailing services, the message will come from the "first-party domain". They will have configured that service as a legitimate sender for the domain via SPF/DKIM DNS records.

It's not just the from:marketing@firstparty.com that I'm talking about. If the unsubscribe link does not also go to firstparty.com, then it's still indistinguishable from phishing.


No, a reputable bulk mailing service can still send from their customers' principal domains with spf/dkim set up to include that service's info.


> No, a reputable bulk mailing service can still send from their customers' principal domains with spf/dkim set up to include that service's info.

Tell that to the links in the email that go to the reputable service's click aggregation service.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: