top | item 19378428

(no title)

actsof | 7 years ago

>exactly the same as a verified user on Twitter

from: support@apple-support.example.org [This message was signed by apple-support.example.org (Verified by Let's Encrypt)]

Please send us your Apple ID and password for routine security checks.

discuss

pas|7 years ago

No. Do it OpenSSH style. At first every identity is unknown. Then you get a mail signed by a key tied to an identity (on whatever keybase), then as you email each other your trust grows.

Sure, maybe you're trusting a scammer more and more, but at least when you get a new email from a scammer that's trusted by millions (let's say by more than one EV cert signed the key that signed the email), then it's pretty sure you're just being scammed by Apple to further their regular bottom line.