In college I had to write a program to send emails. This was around 2012. Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from. There are obviously ways to sign the message and verify it and most email servers block messages that don’t have these because of how trivial it is to fake. It’s basically like putting a name tag on that says “Joe Biden” and everyone believing you’re the president.
I didn’t do anything malicious but I did mildly prank my girlfriend. I don’t remember what I did but I’m pretty sure I told her before I did it. I really didn’t want to end up getting expelled for “”“hacking”“” so I didn’t do anything remotely bad. The irony is the assignment wouldn’t have worked and been as interesting if my campus had the proper security measures to block the messages.
It could be that the web client for our email mentioned something about the sender being unverified and not to trust it but I don’t remember.
I almost got kicked out of school for this! I sent an email to my girlfriend from some girl that we didn’t like, saying something like “you’re a huge bitch, haha just kidding this is actually jballs not the chick we don’t like.”
Problem is that I wrote my girlfriend’s email address wrong, so it bounced back to the sender (the girl we didn’t like).
So I had to explain to a university dean exactly what I did and how I didn’t actually “hack into” the girl’s email account. That was fun.
Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from.
I remember realizing this and thinking it was weird too when I was reading about SMTP. Specifically, the MAIL FROM command.
I tried to send a message to support for a company with a form on their website. I got an email back saying it didn’t pass SPF because they used my email address in the From: header.
I did manage to find the email address their PHP script tried sending it to. I emailed them about the problem with solutions to fix it. And of course they never got back to me.
People did and DO complain about setting up email. ISP email is a great example of this. People forget their IMAP and SMTP address configuration stuff all the damn time. Always have.
I used to do home IT, and I had to help people through that crap constantly.
That said, these days people have gravitated to clients like gmail or outlook. Those push the user onto a certain domain, which makes setup dead simple. This is what mastodon.social is doing now. Making it so people don’t have to think about the instance at sign up.
Yeah I agree email kinda sucks. But everyone still uses it, and (as far as I’m aware) people aren’t writing articles about how confusing email is for people and why that makes it a failure. Mastodon and Lemmy are, in comparison, much better and way less confusing but you see that said all the time about them.
If email were invented today people would complain about how complex and annoying it is to sign up.
In college I had to write a program to send emails. This was around 2012. Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from. There are obviously ways to sign the message and verify it and most email servers block messages that don’t have these because of how trivial it is to fake. It’s basically like putting a name tag on that says “Joe Biden” and everyone believing you’re the president.
I didn’t do anything malicious but I did mildly prank my girlfriend. I don’t remember what I did but I’m pretty sure I told her before I did it. I really didn’t want to end up getting expelled for “”“hacking”“” so I didn’t do anything remotely bad. The irony is the assignment wouldn’t have worked and been as interesting if my campus had the proper security measures to block the messages.
It could be that the web client for our email mentioned something about the sender being unverified and not to trust it but I don’t remember.
I almost got kicked out of school for this! I sent an email to my girlfriend from some girl that we didn’t like, saying something like “you’re a huge bitch, haha just kidding this is actually jballs not the chick we don’t like.”
Problem is that I wrote my girlfriend’s email address wrong, so it bounced back to the sender (the girl we didn’t like).
So I had to explain to a university dean exactly what I did and how I didn’t actually “hack into” the girl’s email account. That was fun.
I sent my gmail address an email from obama@whitehouse.gov and it worked.
I remember realizing this and thinking it was weird too when I was reading about SMTP. Specifically, the MAIL FROM command.
Also related.
Spoofing email is hilariously easy. GPG signing really needs to be made easier
I tried to send a message to support for a company with a form on their website. I got an email back saying it didn’t pass SPF because they used my email address in the
From:
header.I did manage to find the email address their PHP script tried sending it to. I emailed them about the problem with solutions to fix it. And of course they never got back to me.
Saying that times have changed doesn’t negate the fact that times have changed.
OMG another account?! Why can’t I just use my discord smh
I don’t get the email analogy.
People did and DO complain about setting up email. ISP email is a great example of this. People forget their IMAP and SMTP address configuration stuff all the damn time. Always have.
I used to do home IT, and I had to help people through that crap constantly.
That said, these days people have gravitated to clients like gmail or outlook. Those push the user onto a certain domain, which makes setup dead simple. This is what mastodon.social is doing now. Making it so people don’t have to think about the instance at sign up.
Yeah I agree email kinda sucks. But everyone still uses it, and (as far as I’m aware) people aren’t writing articles about how confusing email is for people and why that makes it a failure. Mastodon and Lemmy are, in comparison, much better and way less confusing but you see that said all the time about them.