Twitter Uses DMARC to Act Against Email Phishing For User Passwords
engine
12:17 am on Feb 22, 2013 (gmt 0)
Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse.
Twitter Uses DMARC to Act Against Email Phishing For User Passwords [blog.twitter.com]
Chris_Boggs
2:16 pm on Feb 22, 2013 (gmt 0)
Thanks for sharing this, engine. I really feel there should be a greater PSA effort by all of these social and email sites to better educate unsuspecting users.
Personally, I think it could be one simple slide: "NEVER click on a link in an email or on a social network that makes you log in. Rather, always go directly to the site and look for the alleged message, friend invite, etc."
By following this rule I have done a pretty good job protecting my passwords. What are some of the rules of thumb other savvy webmasters and members in here use?
dkap
4:13 pm on Feb 25, 2013 (gmt 0)
"What are some of the rules of thumb other savvy webmasters and members in here use?"
If I'm less than 100% sure of the validity of any email, I always hover over embedded links to see what they point to before actually clicking on them. Unless they're doing something sneaky with close misspellings (or 1 vs. l), it's usually quite obvious.
Dan
engine
6:28 pm on Feb 25, 2013 (gmt 0)
Perhaps it's just me that is even more cautious. I avoid the clicks for stats, if possible, to avoid the tracking.
Passwords are important, but you can also help by having a unique e-mail for the service you're using.
The services have to pick up their game, imho, but users need to be educated about their own security.
bill
5:46 am on Feb 28, 2013 (gmt 0)
I implemented DMARC on several domains last year. It's interesting to see reports on mail that can't be tracked as coming from my servers. There's not much, but it does exist.
I hope more big companies implement this. It's simple to set up, and you can run it in reporting mode until you're ready to move to the stricter settings.
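
The move from reporting mode to stricter settings mentioned in the last post, as an added example that is not part of the thread or any poster's code: a small Python check that reads a DMARC TXT record and reports its rollout stage. The records and the example.com report address are constructed, and the stage labels are this example's own wording.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if malformed."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    # RFC 7489: v must be the first tag and must be exactly DMARC1.
    first = next(iter(tags.items()), None)
    if first != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    return tags


def rollout_stage(txt):
    """Classify a record as reporting-only, partial or full enforcement."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"missing or unknown p= value: {policy!r}")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    if policy == "none":
        # p=none changes nothing about delivery; without rua no aggregate
        # reports arrive, so the monitoring phase produces no data.
        return "reporting-only" if "rua" in tags else "reporting-only, no rua"
    if pct < 100:
        return f"partial enforcement ({policy}, {pct}%)"
    return f"full enforcement ({policy})"


# Constructed sample records for a staged rollout on example.com.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=none",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(f"{rollout_stage(record):40} {record}")
```

A record that stays at p=none only reports on unauthenticated mail; receivers are asked to quarantine or reject it only once the policy is raised.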