The lack of DMARC records, even if it could facilitate spoofing, won’t magically make reply emails addressed at a valid @harvard.edu address land in a spoofer’s inbox. A different Reply-To address is possible but then you can’t claim a lack of warning signal. There’s something else going on.
oefrha|5 years ago