Not sure about not clicking links in emails, they are meant to be clicked. I'd rather consider ways to let users easily *report* a suspected email, and focus on reaction to phishing (ofc, awareness should be there).
Quality point! I like to make this statement knowing people will still be human and click them, but hoping it makes them think about it more before they do.
Solutions like Abnormal and Proofpoint are great for providing an easy way to report phishing, although expensive.
Great explanation
For non-sending domains, don't leave SPF undefined – that would be an invitation for spoofing. Instead, set it to a null record like:
v=spf1 -all
This tells receiving servers to reject all emails claiming to be from your domain. The DMARC record should also be set to something like:
v=DMARC1; p=reject; rua=mailto:you@example.com
Excellent overview of email security essentials—crucial for safeguarding both personal and organizational communications today.
https://codeguardian.ai/products-and-solutions/email-security
Wow! It was a quick refresher of the basics... Thanks!
Glad you found it valuable, Siddhant!