I recall that subdomains are their own record inside a DNS, which would imply that anyone can claim that their server is a non-existent subdomain of the real domain.

  • MartianSands
    1 month ago

    Really? They don’t use TLS at all? That sounds hilariously insecure

    • chameleon@fedia.io
      1 month ago

      The email ecosystem is changing in recent years but yeah, it’s best to expect that there is at least one opportunity for any given email to be sent over the internet unencrypted. MTA-STS has been slowly changing the landscape but adoption isn’t going all that great.