pull down to refresh

What's interesting is mine had a legitimate looking sender email.
36 sats \ 0 replies \ @DarthCoin 2h
Do not look at the sender email address. That is fake anyways and is how it tricks users. Look at the header of the email message. In the header you can see the real email server that sent that message and its IP and all other technical details.
Usually in any email client, open the message and in properties you can see all the header info.
And if you want to compare it with what is the real getalby.com sender check it here https://mxtoolbox.com/SuperTool.aspx?action=mx%3agetalby.com&run=toolpage#
Anyways strong DMARC, DKIM and SPF records must be implemented for any email domain you are running so most of email clients could reject phishing emails from the start.
reply
36 sats \ 2 replies \ @TNStacker 3h
Same
reply
0 sats \ 1 reply \ @saunter 2h
Your passwords are safe but you may get phishing emails that look like coming from Alby in the future, so be careful
reply
100 sats \ 0 replies \ @DarthCoin 28m
I was looking into getalby.com domain MX records using https://mxtoolbox.com (very good tool to configure properly your email server) and I found these rules used for anti-spam and anti-phishing rules:
DMARC actual
v=DMARC1; p=none; rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net
I would put a stronger DMARC with:
v=DMARC1;p=reject;sp=quarantine;pct=10;rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net;ri=86400;aspf=r;adkim=r;fo=1;
SPF v=spf1 include:zoho.eu include:spf.ourmailsender.com include:spf.mandrillapp.com ~all
I would change ~all into -all
In this way, in case of a phishing attack, the recipients email servers can reject more easily those phishing (fake) emails.
reply