The donotreply attack sounds fairly straightforward, and not anticipating it seems like a failure of ordinary paranoia that I’m surprised was so widespread.
In retrospect, most things are obvious. The widespread failure implies that it was harder than it seems to us now.
Even if only 0.01% of the people who could make the error made it, it will still lead to a lot of email going to @donotreply.com.
Actually it sounds like someone doesn’t understand the protocol.
The donotreply attack sounds fairly straightforward, and not anticipating it seems like a failure of ordinary paranoia that I’m surprised was so widespread.
In retrospect, most things are obvious. The widespread failure implies that it was harder than it seems to us now.
Even if only 0.01% of the people who could make the error made it, it will still lead to a lot of email going to @donotreply.com.
Actually it sounds like someone doesn’t understand the protocol.