
> Correct, this message isn't forged, it's authentic

I personally receive a lot of emails that aren't addressed to me and aren't marked as spam and have always wondered how this works.

Can someone go into a bit more detail about why this works? In what way is this message authentic?

The ARC wiki page says "Validating an ARC chain only makes sense if the receiver trusts the ARC signers."; in this case the receiver is Gmail. Why does Gmail trust a random domain (robtoledoyour.com)?




The envelope recipient - the account to which the message is delivered - hasn't got anything at all to do with the contents of the "To:" header, which can be absolutely anything. That's how the "Bcc" feature of email works!

The "To:" header is not involved in any way with the delivery of emails.
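The envelope/header split described in the comment above, as an added example that is not part of the original thread: a Python check that compares the recipient the receiving server recorded against the visible "To:"/"Cc:" headers. It assumes the receiving server stamps the envelope recipient into a `Delivered-To` header or a `Received ... for <addr>` clause; the sample message and all addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; addresses are placeholders, not from the thread.
RAW = """\
Delivered-To: alice@example.net
Received: from mx.example.org by mx.example.net with ESMTP
 for <alice@example.net>; Mon, 02 Jun 2025 10:00:00 +0000
From: Offers <news@example.org>
To: al1ce@example.com
Subject: constructed sample

body
"""

FOR_CLAUSE = re.compile(r"\bfor\s+<([^>]+)>", re.IGNORECASE)


def header_recipients(msg):
    """Addresses named in the visible To:/Cc: headers (sender-controlled text)."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}


def envelope_recipients(msg):
    """Addresses the receiving side recorded for the SMTP envelope (assumed headers)."""
    found = {a.lower() for _, a in getaddresses(msg.get_all("Delivered-To", [])) if a}
    for received in msg.get_all("Received", []):
        found.update(m.lower() for m in FOR_CLAUSE.findall(received))
    return found


def classify(raw):
    """'addressed' if the mailbox appears in To:/Cc:, 'envelope-only' if it was
    delivered purely by envelope (as with Bcc), 'unknown' without trace headers."""
    msg = message_from_string(raw)
    env = envelope_recipients(msg)
    if not env:
        return "unknown"
    return "addressed" if env & header_recipients(msg) else "envelope-only"


if __name__ == "__main__":
    print(classify(RAW))
```

An "envelope-only" result is normal for Bcc and mailing-list traffic, so it works as one input to a filter rule rather than as a verdict on its own.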


I think it’s because YouTube.com is the original sender and it’s considered ok if the receiver trusts the signers. The problem IMO is that the receiver’s mail provider (ex: ms365) doesn’t know if the receiver trusts the signers when deciding to deliver messages.

I’ve seen bad actors flood mailboxes with forwarded mail to obfuscate malicious activity. For example, they send a forged message asking for banking info updates and flood the real address that’ll get the “ok done” reply which I assume is an attempt to delay discovery of the attack.


Yes, I would love to know why this works as well. I've noticed over the past few months, I get emails that land in my Gmail inbox that are obviously spam (various bs offers), and I've always wondered how they are able to bypass the spam filter with ease, it seems. Also, the To email line is to an email address that is a variation of my email address @aol.com that doesn't actually exist.


The latest thing that started happening a week or two ago was an endless stream of unsolicited mailing list messages addressed to "Prunella" trying to get me to click on links. Ended up just setting up an autodelete when that name is in the Send field (because I discovered Gmail doesn't let you auto-spam folder things).



