Proofpoint is requiring their customers to pay for Email Fraud Defense to get aggregate DMARC data from their gateways

A redacted screenshot of the Proofpoint Email Fraud Defense dashboard

I have written extensively about the DMARC email security standard, including publishing a comprehensive guide on how to implement it, with or without additional third-party vendors. I also do a little consulting on DMARC deployment best practices. One of those consulting clients uses Proofpoint for their email gateway. They also use Dmarcian, a reasonably priced DMARC report analytics service that also publishes a ton of public content for the good of the community. We were considering moving the client’s DMARC policy from monitor-only (p=none) to an enforced state (p=reject) after many hours of steadily improving the SPF and DKIM alignment of their email sources. As I took another look at the aggregate (rua) DMARC data in Dmarcian, I noticed something odd: Dmarcian was getting aggregate reports from all of the expected third-party email recipients, like Google, Yahoo, Comcast, and the client’s industry partners, but I didn’t see any reporting from the client’s own Proofpoint Secure Email Gateway (SEG).

Read more

Google Pixel phones can be unlocked with a recording of a trusted voice by default

user manually enables "Ok Google" Trusted Voice

The headline feature of the new Google Pixel phones is deep integration between the operating system and the Google Assistant AI. By default, the Google Assistant can be activated even when the phone is locked and the display is off, if the device hears the trusted voice say the hot word, “Ok Google”. This also has the effect of unlocking the device, meaning that anyone with a recording of the trusted voice saying “Ok Google” — or even someone with a similar voice — can easily unlock the device.

Read more