The From field in email is pretty much on the honor system. You can put anything you want there, and the servers will happily send it.
This is why we have things like SPF (sender policy framework), DKIM (domain key identified mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) and why that message was in your junk folder rather than your inbox.
When your email provider receives a message from cheese_greater@lemmy.world, it looks up the DNS record for lemmy.world to see what IP addresses (among other things) are allowed to send email for users at lemmy.world. It compares those against the IP of the server sending on behalf of the user claiming to be cheese_greater@lemmy.world. If they match, the SPF check passes. If they don’t match, the check fails.
DKIM is also used to add a digital signature to each email originating from lemmy.world. The signature of the message is checked against lemmy.world’s public key (which is retrieved via DNS lookup). If the signatures match, the DKIM check passes. Otherwise, it fails.
Spam filters can then use the results of those to shunt the message to Junk if they don’t pass. The last item, DMARC, is an optional policy lemmy.world can configure to tell receiving servers what to do with messages that fail those checks. The most commonly used options are reject and quarantine (i.e. mark as junk)
The
Fromfield in email is pretty much on the honor system. You can put anything you want there, and the servers will happily send it.This is why we have things like SPF (sender policy framework), DKIM (domain key identified mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) and why that message was in your junk folder rather than your inbox.
When your email provider receives a message from
cheese_greater@lemmy.world, it looks up the DNS record forlemmy.worldto see what IP addresses (among other things) are allowed to send email for users atlemmy.world. It compares those against the IP of the server sending on behalf of the user claiming to becheese_greater@lemmy.world. If they match, the SPF check passes. If they don’t match, the check fails.DKIM is also used to add a digital signature to each email originating from
lemmy.world. The signature of the message is checked againstlemmy.world’s public key (which is retrieved via DNS lookup). If the signatures match, the DKIM check passes. Otherwise, it fails.Spam filters can then use the results of those to shunt the message to Junk if they don’t pass. The last item, DMARC, is an optional policy
lemmy.worldcan configure to tell receiving servers what to do with messages that fail those checks. The most commonly used options arerejectandquarantine(i.e. mark as junk)