Is it normal that the registrar's mail can be changed?

I

Izzy Max2019-08-07 18:19:25

Domain Name System

Izzy Max, 2019-08-07 18:19:25

I study such PHPMail and I understand that the sender can be changed. I created a primitive form on my server in the internet, I enter Donald Trump's soap with the domain of his site and OP! a letter comes to my gmail and there is no warning that it is a stealer or something like that. When I was still setting up mail on my server, I remember warnings about these things, about DKIM, SPF and something like these terminologies. I enter different mails, and I thought to enter two mails of my local domain registrars. And to my surprise, the method also passes. Does this mean that Google has weak protection and does not see the substitution, or is the whole problem in the settings of the registrar and is it normal to leave it like this? Social engineers and other dark guys have not been canceled

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Saboteur, 2019-08-07
@saboteur_kiev

It looks like you've just discovered how SMTP works.
It's not about who has what protection, but that SMTP is an ancient protocol, which, like the original HTTP, did not provide much protection in itself.
Each mail server decides for itself how it fights against spam and forgery. Google doesn't seem to care much.

V

Vladimir Dubrovin, 2019-08-08
@z3apa3a

The DMARC protocol is used to protect the sender's address from forgery . Whether it is possible to spoof a sender address depends on whether the domain owner has set a DMARC policy for their domain and what that policy is. If the reject policy - letters without authorization will not be accepted, quarantine - they will fall into spam.