If the relationship is established beforehand with something like passkeys, then this type of attack wouldn't be possible.
Describe oobi-ing, putting the phone in a drawer, coming back a long time later and re-establishing contact, and the business knows that they're likely dealing with the same person as the one who oobi'd. (I.e., it's easier to hack one database, no matter how well secured, than it is to hack ten thousand phones, for the most part.)
https://it.slashdot.org/story/25/10/17/2333255/email-bombs-exploit-lax-authentication-in-zendesk