>the individual was unable to distinguish a display name from the actual email address
This is wild to me, not just because they're a developer but they even know about SPF/DMARC. Also, the content of the email being them asking to reverify your email sounds suspicious and illogical. I know people make mistakes, but it's just crazy, and shows the importance of companies training employees to not fall for phishing emails.
Dunno, this is also a failure of email client UI which is designed around a naive world with no bad actors just so it looks cute.
The sender email address could be more prominent.
All link URLs could be visible.
Emails from new senders could have some sort of warning/alert. I used to use an email client that let you approve incoming email addresses, and it once saved me from a Coinbase phishing email since it made me double check the sender since it was marked as unapproved.
We can't keep blaming the victim when our own software works in the favor of bad actors. You're going to let your guard down one day.
This is wild to me, not just because they're a developer but they even know about SPF/DMARC. Also, the content of the email being them asking to reverify your email sounds suspicious and illogical. I know people make mistakes, but it's just crazy, and shows the importance of companies training employees to not fall for phishing emails.