On Fri, Dec 16, 2016 at 08:39:06PM +0000, Viktor Dukhovni wrote:
When it is more difficult to forge an email from a Yahoo user, it
is more convenient for the phisher to fake an address from some
other domain, and then Yahoo deals with fewer complaints.
I don't think it's difficult at all to forge an email from a Yahoo user.
And it'll even dutifully be marked as valid courtesy of Yahoo itself:
Yahoo Says 1 Billion User Accounts Were Hacked
http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
Please note that this is in addition to the earlier announcement
of 500M hacked accounts.
But hey, at least they got to do this:
Yahoo breaks every mailing list in the world including the IETF's
http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html
Yeah. That was worth it. Definitely.
---rsk