Re: It's 2017 and you can still be pwned by a forged email header
"This is not some special agreement between gmail and paypal but is based entirely on open industry standards"
As things stand this is entirely optional as you make clear: "I have implemented the same anti-spoof protection for some of my own domains".
Until this is universally required the situation remains, you can still be pwned by a forged email header.
Biting the hand that feeds IT
