171
Google now blocks spoofed emails for better phishing protection
(www.bleepingcomputer.com)
This is a most excellent place for technology news and articles.
TLS has become too easy to acquire for it to have any effect, I'm afraid. Didn't Chromium remove the padlock signifying HTTPs connection due to just that? That it doesn't really mean anything anymore in terms of illegitimate websites (still obviously crucial against MitM)?
Easy to acquire, yes, but not anonymously. The cert has to tie back to a domain or subdomain and there's a process to prove a domain belongs to whomever requested the cert. Long story short, if you wanted to sue or file complaint against a spammer that signs their emails then it's not really a challenge to trace back to the person or company doing the spamming.
This still relies on domain name registrars, hosts (e.g. Gmail), and certificate authorities keeping proper records.
Not sure about that. Phishing scams make sure to hide their identity really well and while something like .com might require your personal information, I can imagine .ru allowing anonymous registration. Once you've got a domain, getting a certificate for it with Let's Encrypt happen in seconds with no personal information iirc. Even if you'd need to disclose something, you could just lie. Let's Encrypt is highly automatized and I doubt anyone would check the information for some random domain. Yeah that cert/domain will be taken down quickly, but they're incredibly cheap and easy to create.