A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
Their site is just a landing page, there’s no login option or anything like that. Their business is a smartphone application.
Edit: Gmail uses SPF, DMARC and DKIM signing so spoofing is not possible if their email services are configured properly.
SPF/DKIM/DMARC does not prevent sending the spoofed message, though. It is up to the recipient system to filter out the message should the checks fail. Even then, the message often lands into spam instead of being dropped.
[This comment has been deleted by an automated system]