intermediate 12 min
DMARC Passed. The Email Was Still an Attack. Inside the Blesta Ransom Incident
A ransom email from no-reply@blesta.com passed SPF, DKIM, and DMARC because it came from Blesta's own infrastructure. Here is why that is not a DMARC failure, and what authenticated abuse means for the way you read trust into email.