this post was submitted on 08 Nov 2023
565 points (89.8% liked)

Technology

59593 readers
3951 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

you are viewing a single comment's thread
view the rest of the comments
[–] Captain_Patchy@lemmy.world 29 points 1 year ago (2 children)

Again and again and again and again. I get more spam on my linkedin email address than I do on any other.

[–] uranibaba@lemmy.world 13 points 1 year ago (2 children)

I have a set it up so that any email sent to unknown users on my domain gets redirected to email. If you send an email to bad_address@example.com and my real email is uranibaba@example.com, I will still receive the email.

Now this is great because I will just use name_of_service@example.com and still get the email. If the email is leaked, I will know where it came from.

[–] elscallr@lemmy.world 5 points 1 year ago (1 children)

Owning your own domain is great that way. Even makes the little bit I pay to ProtonMail well worth it. There are a few addresses I have dedicated, like my aws@example.com, me@, and my-name@, but the rest just go to a catch all. It's fantastic.

[–] uranibaba@lemmy.world 2 points 1 year ago (2 children)

My mail is hosted by my domain host but I am considering switching to Proton. Have you done such a move?

[–] IlliteratiDomine@infosec.pub 2 points 1 year ago

I made that move and had no issues. You can copy/paste your way through DNS setup and the rest is just configuring your proton account how you want.

You'll want to be familiar with proton and some of the tradeoffs in its privacy model, but it's most likely more feature-full than a hosting provider. Dreamhost, for one, is quite basic.

[–] elscallr@lemmy.world 1 points 1 year ago

Yeah the setup is pretty trivial and it works great.

[–] CosmicCleric@lemmy.world 4 points 1 year ago (1 children)

Be careful, my domain got on a whole bunch of ISP's spam lists because I had done the same thing.

They really don't like open domain email working.

[–] Styxia@lemmy.world 2 points 1 year ago (1 children)

That’s annoying! It’s not been my experience, out of curiosity do you have any theories why your domain/aliases got blocked?

[–] CosmicCleric@lemmy.world 2 points 1 year ago (1 children)

out of curiosity do you have any theories why your domain/aliases got blocked?

For my domain it was put on a spam list that various ISPs use.

When I spoke with one ISP they said it's because I had an open email address situation going, where a spammer can send a spam email out to a third party and on the reply address to they can make up anything as an email address for my domain name and it would be 'valid' because my domain email server was set up to receive all emails that you described.

And because of that I got put on a global spam list which many ISPs use. At the time I didn't even know about my domain being on the list, I just noticed a big drop in emails I was receiving.

FYI this happened over a decade ago, so I do not know if that is the current practice today. But better to make sure any email addresses to your domain that is not valid does not go through. No "catch all" bucket situation.

[–] chaospatterns@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

That's not because you have a wildcard. That's because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.

MTAs use those standards to verify if somebody is permitted to send email for your domain. If you don't have those set then you can get what that ISP described.

[–] CosmicCleric@lemmy.world 1 points 1 year ago (1 children)

That’s because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.

Well I used a third party service to host my domain, and as far as I can remember (like I said this was over a decade ago, maybe almost two decades), everything was set up correctly at that time.

Not trying to dispute what you said, but I can at least speak towards that as far as we knew at the time we had the domain set up correctly on our end, the stuff we could control.

The only thing is we had a catch-all bucket setting turned on for emails to be forwarded to an internal email address of our domain.

[–] bane_killgrind@lemmy.ml 1 points 1 year ago (1 children)

There has never been a correct way to deploy these services, just increasingly complex, featurefull, and or secure ways to do it

[–] CosmicCleric@lemmy.world 2 points 1 year ago

There has never been a correct way to deploy these services, just increasingly complex, featurefull, and or secure ways to do it

You forgot one way.

[–] veloxization@yiffit.net 4 points 1 year ago

I ended up just disabling the alias I use to receive emails from LinkedIn. Since I noticed I just kept deleting those emails without ever reading them, I figured I'd just opt to not receive any emails. :D