A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
You'd be surprised how many legitimate email are sent with failed SPF. Even Microsoft sometimes doesn't update their MX records and the SPF fails.
That is especially true with large organizations where multiple non-technical teams are ordering/configuring products that send email.
Unfortunately it is difficult to solve, unless services stop allowing sending without verifying and forcing proper configuration. That would drive sales to competitors who do not enforce this, though.