How can we expect users to make a distinction between phishing and legit email when legit email can look as shitty as this?!?
@brnrd Good point: you received this e-mail 👍
I stopped counting companies sending legit e-mail from machines not authorized in their SPF records ending with a `-all` configuration (that is, they expect recipients to reject the message).
Hint: rejecting this mail is a *bad* idea… the last one (#online, yesterday) sent their "password lost" / "password reset" and "security warning" from this misconfigured machine 😱 .
@brnrd Once, I got a message from EDF asking me to pay something. As (1) the mail looked fake, (2) I was no longer a client, and (3) my old account on the website clearly said that I owe them nothing, I immediately alerted the authority that someone took their identity. The authority said that it was actually legit, that they couldn't tell on the webpage the amount because I was no longer in France, and that they will send lawers against me if I don't pay in one week. #FuckFrance 😡
Trying to burn them as much as I can on Twitter... There's probably a GDPR violation in here as well. I did not consent to sharing PII with external parties :D