
What's interesting is mine had a legitimate looking sender email.

Do not look at the sender email address. That is fake anyways and is how it tricks users. Look at the header of the email message. In the header you can see the real email server that sent that message and its IP and all other technical details.

Usually in any email client, open the message and in properties you can see all the header info.

And if you want to compare it with the real getalby.com sender, check it here: https://mxtoolbox.com/SuperTool.aspx?action=mx%3agetalby.com&run=toolpage#

Anyways, strong DMARC, DKIM and SPF records must be implemented for any email domain you are running so that most email clients can reject phishing emails from the start.

reply

Great advice as usual @DarthCoin.

I find it very annoying how most email clients handle security/privacy. The amount of people that get scammed due to this has to be insanely high.

reply

Same

reply

Situation is explained here: https://primal.net/e/nevent1qqswh5upmuma0h89vdnh7pnk6ap637xg0mtt0k32hwaxrxm98vuv28c3euur7

Your passwords are safe, but you may get phishing emails that look like they are coming from Alby in the future, so be careful.

reply

I was looking into the getalby.com domain MX records using https://mxtoolbox.com (a very good tool for properly configuring your email server) and I found these rules used for anti-spam and anti-phishing:

DMARC actual

v=DMARC1; p=none; rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net

I would put a stronger DMARC with:

v=DMARC1;p=reject;sp=quarantine;pct=10;rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net;ri=86400;aspf=r;adkim=r;fo=1;

SPF

v=spf1 include:zoho.eu include:spf.ourmailsender.com include:spf.mandrillapp.com ~all

I would change ~all into -all

In this way, in case of a phishing attack, the recipients' email servers can more easily reject those phishing (fake) emails.

reply
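As an added example (not part of the comment above, and not Alby's or mxtoolbox's code), this sketch audits DMARC and SPF record strings for the enforcement gaps the comment discusses: `p=none`, a weaker `sp=`, a partial `pct=`, and the `all` qualifier. The function names are illustrative, and the sample records reuse the tags quoted above with a placeholder `rua` address.

```python
# Added example, not code from the thread: audit DMARC and SPF TXT strings.
RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(record):
    """Split 'tag=value;tag=value' into a dict; tolerates a trailing ';'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC1 record"]
    policy = tags.get("p", "").lower()
    if policy not in RANK:
        return ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitor only, no action requested on failing mail")
    sub = tags.get("sp", policy).lower()   # sp= defaults to the p= value
    if sub in RANK and RANK[sub] < RANK[policy]:
        findings.append(f"sp={sub} is weaker than p={policy}")
    pct = tags.get("pct", "100")           # pct= defaults to 100
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: p={policy} applies to only {pct}% of failing mail")
    return findings

def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF1 record"]
    for term in terms[1:]:
        if term.lstrip("+-~?").lower() == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"   # bare "all" means +all
            return {"-": [],
                    "~": ["~all: softfail, unlisted senders are flagged, not failed"],
                    "?": ["?all: neutral, unlisted senders are not judged"],
                    "+": ["+all: every sender passes"]}[qualifier]
    return ["no 'all' mechanism: unlisted senders get a neutral result"]

# Constructed inputs: tags as quoted in the thread, placeholder rua address.
RUA = "mailto:reports@example.com"
DMARC_ACTUAL = f"v=DMARC1; p=none; rua={RUA}"
DMARC_SUGGESTED = f"v=DMARC1;p=reject;sp=quarantine;pct=10;rua={RUA};ri=86400;aspf=r;adkim=r;fo=1;"
SPF_ACTUAL = "v=spf1 include:zoho.eu include:spf.ourmailsender.com include:spf.mandrillapp.com ~all"
```

An empty list means the checks found nothing to flag; `audit_spf(SPF_ACTUAL.replace("~all", "-all"))` returns one.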

We implemented it :) Thanks for the suggestion, Dart

reply