Let's say, hypothetically, that we receive an email from an old university address that looks like this: Looks 👌 legit. 👌 It came from a .edu email address! It doesn't look spoofed. The headers match the address. Maybe it's just someone who graduated 5 years ago and really likes to use their birthday as their password.