Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

WTF?! When the president of the United States and the world's richest person have a falling out, the ramifications can be widespread. Since Musk and Trump went from friends to enemies, $152 billion has been wiped off Tesla's share price, and Musk has threatened to decommission the SpaceX Dragon spacecraft that NASA relies on to deliver crew to and from the International Space Station. Musk has also said that Trump appears in files relating to Jeffrey Epstein. When he left the White House last week, Musk blasted those who said he'd had a falling out with Trump. The CEO insisted his departure was due to his scheduled 130 days as a government employee coming to an end. But Musk had been publicly criticizing Trump's Big Beautiful Bill Act, warning it would increase the budget deficit. After learning that an electric-vehicle tax credit that would help incentivize Tesla purchases was not included in the bill, Musk called it "a disgusting abomination" on X and urged Americans to call Congress to have the bill killed. On Thursday, the two men used their respective social media platforms to throw insults at each other. At one point, Trump threatened to "terminate Elon's Governmental Subsidies and Contracts" as a way to slash billions of dollars from the budget. The warning sent Tesla's shares down just over 14%, wiping around $152 billion off its valuation – and almost $100 billion off Musk's total net worth. In response to Trump's threat to cancel Musk's government contracts, Musk said SpaceX will begin decommissioning its Dragon spacecraft immediately. The craft, which NASA relies on for transport missions including ferrying astronauts to the ISS, is under contract worth roughly $4.9 billion. The capsule is the only US spacecraft capable of flying humans into orbit. The only other crewed spacecraft that sends astronauts to the ISS is Russia's Soyuz system. However, after an X user told him to "cool off," Musk wrote, "Ok, we won't decommission Dragon." // Related Stories As the war of words has grown, Musk said Trump's controversial tariffs will cause a recession in the second half of this year. But his "really big bomb" was an allegation that Trump appears in the files of pedophile financier Jeffrey Epstein, who killed himself in his jail cell in August 2019 while awaiting trial. Musk has also shared a post calling for Trump's impeachment and posted a poll asking if a new political party should be created in the US that "actually represents the 80% in the middle." 81% of the 4.4 million respondents have voted yes. One has to wonder if Musk believes his time in the White House was worth it. Beyond his reputational damage, his companies have suffered by association. Tesla sales were down 50% last month, and there have been protests and attacks on dealerships. The company's share price is down 40% from its all-time high on December 17, 2024, before Musk was part of DOGE.

June 5, 20253 min readNew Hires Will Still Leave the NWS Dangerously Understaffed, Meteorologists SayNearly 600 employees left the National Weather Service or were fired in recent months. Meteorologists say 125 expected new hires will still leave the agency dangerously understaffedBy Chelsea Harvey & E&E News A tornado struck communities in Somerset and London, Ky., on May 16, 2025, leaving 19 dead and more injured. Michael Swensen/Getty ImagesCLIMATEWIRE | New hiring efforts at the National Weather Service won’t be enough to overcome staffing shortages and potential risks to human lives this summer, meteorologists warned Wednesday at a panel hosted by Democratic Washington Sen. Maria Cantwell.NOAA will hire around 125 new employees at the NWS, the agency said in an announcement first reported Monday by CNN. But nearly 600 employees have departed the NWS over the last few months, after the Trump administration fired probationary federal employees and offered buyouts and early retirements.That means the new hires will account for less than 25 percent of the total losses.On supporting science journalismIf you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.“A quarter of the staff are not going to do the job when, let’s just say, both hurricane and fire risks are increasing,” Cantwell said during Wednesday’s panel. “[The Trump administration’s] approach in response to this has been a flimsy Band-Aid over a very massive cut.”Cantwell added that the National Hurricane Center is not fully staffed, as NOAA officials suggested last month when announcing their predictions for the upcoming Atlantic hurricane season outlook. The NHC has at least five vacancies, she said, representing meteorologists and technicians who help build forecasts for tropical cyclones in both the Atlantic and Pacific oceans.Meanwhile, NOAA is predicting above-average activity in the Atlantic this hurricane season. Updated fire maps also suggest that nearly all of Cantwell’s home state of Washington, along with Oregon and large swaths of California, will experience an above-average risk of wildfires by August.Kim Doster, NOAA’s director of communications, did not immediately respond to a request for comment on NOAA’s staffing shortages or the NHC’s vacancies.Three meteorologists speaking on the panel echoed Cantwell’s concerns, suggesting that staffing shortages at weather offices across the country risk forecasting errors and breakdowns in communication between meteorologists and emergency managers.At least eight local weather offices across the country are currently so short-staffed that they can no longer cover their overnight shifts, said Brian LaMarre, a former meteorologist-in-charge at the NWS office in Tampa Bay, Florida. Some of these offices may have to rely on “mutual aid,” or borrowed staff, from other NWS locations to cover their shifts during extreme weather events.But Cantwell and other panelists expressed concern that staff-sharing across the NWS could erode the accuracy of forecasts and warnings for local communities.Cantwell pointed to the meteorologists that specialize in fire weather forecasts. NOAA typically deploys those experts to provide forecasts and recommendations to firefighters on the ground when wildfires strike.“If you think you're gonna substitute somebody that’s gonna be somewhere else — I don’t know where, some other part of the state or some other state — and you think you're gonna give them accurate weather information? It just doesn't work that way,” she said.Washington state-based broadcast meteorologist Jeff Renner echoed her concerns.“The meteorologists that respond to [wildfires] have very specific training and very specific experience that can’t be easily duplicated, particularly from those outside the area,” he said.Meanwhile, LaMarre’s former position in Tampa is vacant, and around 30 other offices across the country are also operating without a permanent meteorologist-in-charge.“That person is the main point of contact when it comes to briefing elected officials, emergency management directors, state governors, city mayors, parish officials,” LaMarre said. “They are the individual that’s gonna be implementing any new change that is needed for hurricane season, blizzards, wildfires, inland flooding.”The NWS suffered from staffing shortages prior to the Trump administration. But LaMarre said he never saw such widespread vacancies, including offices unable to operate overnight, in his 30 years at the agency.He emphasized that NWS meteorologists will do whatever it takes to ensure accurate forecasts when extreme weather strikes. But too many gaps at local offices mean that some services will inevitably suffer, LaMarre added.“Whenever you look at an office that is short-staffed, that means a piece of that larger puzzle is taken away,” he said. “That means some outreach might not be able to occur. Some trainings might not be able to occur. Some briefings to officials might not be able to occur.”Reprinted from E&E News with permission from POLITICO, LLC. Copyright 2025. E&E News provides essential news for energy and environment professionals.

Temporary local copies can be shared with Nintendo through manual user reporting.

Disguised as a free chair model, it's distributed via Discord, Gmail, and Fiverr.

Switch 2 turned up on our doorstep this afternoon and here's what you can look forward to if you plug yours in at just past midnight tonight - including one warningTech21:32, 04 Jun 2025Updated 21:32, 04 Jun 2025Here's what Nintendo sent usAfter months of writing about the Nintendo Switch 2 daily (and getting very excited for Mario Kart World), it was a bit of a strange feeling to have the console dropped off at my doorstep earlier today.While I had preordered, Nintendo sent out the console and some peripherals, so I'm in a position to tell you what you can expect if you're attending a midnight launch, or if you're currently queuing outside your store.‌Looking for a more detailed preview of the hardware? You can find that here, and we've also got hands-on impressions of Mario Kart World and Nintendo Switch Welcome Tour.‌Mario Kart World is Nintendo's big Switch 2 launch title(Image: Nintendo)When powering on your Switch 2, you'll need to connect to the internet to download the all-important firmware update that turns it from a pricey paperweight into a nifty console.The console will also introduce you to some of its features and prompt you to add a MicroSD Express card (doing so will format it so it's ready for use).Article continues belowYou can complete the setup with any version of the Switch 2 controllers, and you'll be prompted to start a system transfer from your original console if you have one.We'd recommend doing so, because it'll transfer your saved data to your new system, but it does come with an inconvenience tied to our biggest Switch 2 bugbear so far: painfully slow download speeds.Logging into the console and updating the firmware took about 20 minutes, but downloads move glacially slow.‌Add to that the console trying to download everything from your Switch 1 at once, and I had to spend a few minutes closing downloads down.Even the more modestly-sized games like Puyo Puyo Tetris were dragging on my gigabit Wi-Fi, although I'd imagine it's down to the 'pipes being clogged' as far as servers go.Still, if you're planning to play anything tonight, you might want to stick to physical media for a bit.Article continues belowWhile the Joy-Con are great, I'm massively impressed by the Pro Controller. We'll have a full live blog running most of the day tomorrow to talk more about Switch 2 on its official launch day, but I'll be leaning towards the more traditional pad for my Zelda playthroughs and more.For now, though, I'm pretty pleased I have a physical copy of Mario Kart World to keep me going until Sony's State of Play tonight. Don't forget to check out our predictions.For the latest breaking news and stories from across the globe from the Daily Star, sign up for our newsletters.‌‌‌

Google's recently launched AI video tool can generate realistic clips that contain misleading or inflammatory information about news events, according to a TIME analysis and several tech watchdogs.TIME was able to use Veo 3 to create realistic videos, including a Pakistani crowd setting fire to a Hindu temple; Chinese researchers handling a bat in a wet lab; an election worker shredding ballots; and Palestinians gratefully accepting U.S. aid in Gaza. While each of these videos contained some noticeable inaccuracies, several experts told TIME that if shared on social media with a misleading caption in the heat of a breaking news event, these videos could conceivably fuel social unrest or violence. While text-to-video generators have existed for several years, Veo 3 marks a significant jump forward, creating AI clips that are nearly indistinguishable from real ones. Unlike the outputs of previous video generators like OpenAI’s Sora, Veo 3 videos can include dialogue, soundtracks and sound effects. They largely follow the rules of physics, and lack the telltale flaws of past AI-generated imagery. Users have had a field day with the tool, creating short films about plastic babies, pharma ads, and man-on-the-street interviews. But experts worry that tools like Veo 3 will have a much more dangerous effect: turbocharging the spread of misinformation and propaganda, and making it even harder to tell fiction from reality. Social media is already flooded with AI-generated content about politicians. In the first week of Veo 3’s release, online users posted fake news segments in multiple languages, including an anchor announcing the death of J.K. Rowling and of fake political news conferences. “The risks from deepfakes and synthetic media have been well known and obvious for years, and the fact the tech industry can’t even protect against such well-understood, obvious risks is a clear warning sign that they are not responsible enough to handle even more dangerous, uncontrolled AI and AGI,” says Connor Leahy, the CEO of Conjecture, an AI safety company. “The fact that such blatant irresponsible behavior remains completely unregulated and unpunished will have predictably terrible consequences for innocent people around the globe.”Days after Veo 3’s release, a car plowed through a crowd in Liverpool, England, injuring more than 70 people. Police swiftly clarified that the driver was white, to preempt racist speculation of migrant involvement. (Last summer, false reports that a knife attacker was an undocumented Muslim migrant sparked riots in several cities.) Days later, Veo 3 obligingly generated a video of a similar scene, showing police surrounding a car that had just crashed—and a Black driver exiting the vehicle. TIME generated the video with the following prompt: “A video of a stationary car surrounded by police in Liverpool, surrounded by trash. Aftermath of a car crash. There are people running away from the car. A man with brown skin is the driver, who slowly exits the car as police arrive- he is arrested. The video is shot from above - the window of a building. There are screams in the background.”After TIME contacted Google about these videos, the company said it would begin adding a visible watermark to videos generated with Veo 3. The watermark now appears on videos generated by the tool. However, it is very small and could easily be cropped out with video-editing software.In a statement, a Google spokesperson said: “Veo 3 has proved hugely popular since its launch. We're committed to developing AI responsibly and we have clear policies to protect users from harm and governing the use of our AI tools.”Videos generated by Veo 3 have always contained an invisible watermark known as SynthID, the spokesperson said. Google is currently working on a tool called SynthID Detector that would allow anyone to upload a video to check whether it contains such a watermark, the spokesperson added. However, this tool is not yet publicly available.Attempted safeguardsVeo 3 is available for $249 a month to Google AI Ultra subscribers in countries including the United States and United Kingdom. There were plenty of prompts that Veo 3 did block TIME from creating, especially related to migrants or violence. When TIME asked the model to create footage of a fictional hurricane, it wrote that such a video went against its safety guidelines, and “could be misinterpreted as real and cause unnecessary panic or confusion.” The model generally refused to generate videos of recognizable public figures, including President Trump and Elon Musk. It refused to create a video of Anthony Fauci saying that COVID was a hoax perpetrated by the U.S. government.Veo’s website states that it blocks “harmful requests and results.” The model’s documentation says it underwent pre-release red-teaming, in which testers attempted to elicit harmful outputs from the tool. Additional safeguards were then put in place, including filters on its outputs.A technical paper released by Google alongside Veo 3 downplays the misinformation risks that the model might pose. Veo 3 is bad at creating text, and is “generally prone to small hallucinations that mark videos as clearly fake,” it says. “Second, Veo 3 has a bias for generating cinematic footage, with frequent camera cuts and dramatic camera angles – making it difficult to generate realistic coercive videos, which would be of a lower production quality.”However, minimal prompting did lead to the creation of provocative videos. One showed a man wearing an LGBT rainbow badge pulling envelopes out of a ballot box and feeding them into a paper shredder. (Veo 3 titled the file “Election Fraud Video.”) Other videos generated in response to prompts by TIME included a dirty factory filled with workers scooping infant formula with their bare hands; an e-bike bursting into flames on a New York City street; and Houthi rebels angrily seizing an American flag. Some users have been able to take misleading videos even further. Internet researcher Henk van Ess created a fabricated political scandal using Veo 3 by editing together short video clips into a fake newsreel that suggested a small-town school would be replaced by a yacht manufacturer. “If I can create one convincing fake story in 28 minutes, imagine what dedicated bad actors can produce,” he wrote on Substack. “We're talking about the potential for dozens of fabricated scandals per day.” “Companies need to be creating mechanisms to distinguish between authentic and synthetic imagery right now,” says Margaret Mitchell, chief AI ethics scientist at Hugging Face. “The benefits of this kind of power—being able to generate realistic life scenes—might include making it possible for people to make their own movies, or to help people via role-playing through stressful situations,” she says. “The potential risks include making it super easy to create intense propaganda that manipulatively enrages masses of people, or confirms their biases so as to further propagate discrimination—and bloodshed.”In the past, there were surefire ways of telling that a video was AI-generated—perhaps a person might have six fingers, or their face might transform between the beginning of the video and the end. But as models improve, those signs are becoming increasingly rare. (A video depicting how AIs have rendered Will Smith eating spaghetti shows how far the technology has come in the last three years.) For now, Veo 3 will only generate clips up to eight seconds long, meaning that if a video contains shots that linger for longer, it’s a sign it could be genuine. But this limitation is not likely to last for long. Eroding trust onlineCybersecurity experts warn that advanced AI video tools will allow attackers to impersonate executives, vendors or employees at scale, convincing victims to relinquish important data. Nina Brown, a Syracuse University professor who specializes in the intersection of media law and technology, says that while there are other large potential harms—including election interference and the spread of nonconsensual sexually explicit imagery—arguably most concerning is the erosion of collective online trust. “There are smaller harms that cumulatively have this effect of, ‘can anybody trust what they see?’” she says. “That’s the biggest danger.” Already, accusations that real videos are AI-generated have gone viral online. One post on X, which received 2.4 million views, accused a Daily Wire journalist of sharing an AI-generated video of an aid distribution site in Gaza. A journalist at the BBC later confirmed that the video was authentic.Conversely, an AI-generated video of an “emotional support kangaroo” trying to board an airplane went viral and was widely accepted as real by social media users. Veo 3 and other advanced deepfake tools will also likely spur novel legal clashes. Issues around copyright have flared up, with AI labs including Google being sued by artists for allegedly training on their copyrighted content without authorization. (DeepMind told TechCrunch that Google models like Veo "may" be trained on YouTube material.) Celebrities who are subjected to hyper-realistic deepfakes have some legal protections thanks to “right of publicity” statutes, but those vary drastically from state to state. In April, Congress passed the Take it Down Act, which criminalizes non-consensual deepfake porn and requires platforms to take down such material. Industry watchdogs argue that additional regulation is necessary to mitigate the spread of deepfake misinformation. “Existing technical safeguards implemented by technology companies such as 'safety classifiers' are proving insufficient to stop harmful images and videos from being generated,” says Julia Smakman, a researcher at the Ada Lovelace Institute. “As of now, the only way to effectively prevent deepfake videos from being used to spread misinformation online is to restrict access to models that can generate them, and to pass laws that require those models to meet safety requirements that meaningfully prevent misuse.”

If you’re in the homebuying market, you’ve probably come to realize that the grass is always greener in the listing description—both literally and figuratively. Real estate agents sometimes get creative with Photoshop edits on listing photos, often brightening up the grass and editing out unsightly objects, like a neighbor’s clunker car or wires cluttering a bedroom. They also use some descriptive language that can be, well, deceptive. Adjectives like cozy and charming may evoke good feelings in potential buyers, but they’re high on the list of frequently used adjectives that probably don’t mean what you think they do. Photos and descriptions give you a teaser, but nothing beats an in-person tour for catching any potential sneaky details. Still, there are certain phrases to keep an eye out for as you're browsing for your next dream home online. Below, we're rounding up 10 common words or phrases often found in real estate listings should raise red flags, according to real estate pros. Related Stories“Charming”DreamPictures//Getty ImagesOr, similarly, unique. “Often, this means the property has some quirks that might not appeal to everyone,” real estate expert Yawar Charlie, director of the luxury estates division at Aaron Kirman Group, says. “It could be anything from a funky floor plan to unconventional finishes.” Think about resale value and whether any of these quirks might be a dealbreaker for future buyers, should you choose to sell“Cozy”Cozy is most likely a code word for lacking square footage, Charlie says. “When they call it cozy, they’re hinting that it might be a bit cramped,” he says. “Check for square footage and layout specifics.”“Home Being Sold As Is”"As is" is perhaps one of the biggest red flags in real estate. “It often signals that the property may have significant issues the seller is trying to offload,” says Nikki Bernstein, a global real estate advisor with Engel & Völkers Scottsdale.According to Bernstein, an "as is" condition indicates that the seller is likely emotionally detached and unwilling to negotiate on price or concessions. It also suggests they may be withholding information, indicating there could be hidden problems waiting to be uncovered during inspection, she says. “As is might as well be a warning: ‘Buyer beware,’” Bernstein says. “Fixer Upper”Mableen//Getty ImagesIf you’ve got a design-build background or are looking for homes that are worth renovating, a property advertised as a fixer-upper might make for a fun challenge. But this phrase usually means the property has seen better days and needs some TLC, which is not what most buyers are looking for. Charlie's advice? Bring a contractor or a handyman to the home inspection with you. “You’re not just checking for cosmetic issues; you want to get the lowdown on structural problems, electrical updates, and plumbing repairs,” Charlie says. “A fixer-upper can quickly turn into a money pit.”If you choose to pursue a home that needs a fair amount of love, make sure you’ve got the right loan, Virginia Realtor and real estate broker Michelle Brown cautions. For example, a FHA 203K loan lets buyers roll home improvement costs into their mortgage.“Investors’ Dream”This phrase typically signals the property is in poor condition but priced low for potential profit through renovations or redevelopment, Brown says. This is another instance where you’ll want to have a contractor with you to get a full picture of all the repairs that may be needed.“Make This Home Your Own”This phrase signals the home is likely outdated and in need of cosmetic updates at the very least, New Jersey Realtor Larry Devardo says. Listings that advertise “potential” or say “home has endless possibilities” are also indicators that repairs and updates are needed, he says. “Great Bones”DreamPictures//Getty ImagesOn the upside, “great bones” means the home is structurally sound with strong infrastructure, Maryland Realtor Ellie Hitt says. On the downside, it likely needs a lot of cosmetic updates to bring it up to date with modern conveniences and aesthetics.“Needs TLC”Often, when a home requires cosmetic work, “TLC” is noted, indicating the property needs someone who is willing to put in a little bit of elbow grease, agent Karen Kostiw of Coldwell Banker Warburg says. You may be thinking of new carpet, updated cabinets, and a few other touch-ups, but in some cases, TLC could actually mean the property requires a gut renovation.“Motivated Seller”Translation: The seller is eager to sell, possibly due to financial issues, a pending foreclosure, or a property that has been on the market for a while, says Jeffrey Borham, owner of Tampa Bay, Florida Team Borham. “This could be an opportunity for negotiation,” he adds. “However, investigate why the seller is motivated; there could be hidden issues that have deterred other buyers.”Similarly, “priced to sell” could mean a whole host of things, ranging from the property needs some work or the seller wants to start a bidding war, New York City Broker Sean Adu-Gyamfi of Coldwell Banker Warburg says.“Hot Listing”Some agents advertise “hot listings” on the MLS to create urgency, even if there are no other offers, Misty Spittler, a licensed public insurance adjuster and certified roof inspector, says. Don’t feel pressured, though. She recently had a client bid $20,000 over asking on a listing advertised as hot. Spittler’s inspection found $30,000 of necessary repairs, so the client was able to renegotiate.Follow House Beautiful on Instagram and TikTok.

Capcom has issued a warning to Monster Hunter Wilds players, stating that accounts found to have been engaging in misconduct are being suspended progressively starting on June 5. While many fans have been enjoying all the content Monster Hunter Wilds already has to offer, others are eager to finally get their hands on Title Update 2, which is expected to arrive in summer 2025.

Just in time for allergy season, a recent FDA warning describes a new side effect for those who take Zyrtec or Xyzal long-term. This is what you should know.