undefined | Better HN

0 pointsBoulth7y ago0 comments

Only if it had strict DMARC policy (reject) at the time of sending. But it's not possible to reliably check old values from the past. No policy or quarantine policy makes the email go to spam, that's all.

0 comments

rocqua7y ago

Gmail stores the DKIM check result in the header of the email.

For a more exhaustive system, one might store a DNSSEC result proving the key was valid. Though from my limited search, it seems DNSSEC does not sign a time-stamp.

BoulthOP7y ago

> Gmail stores the DKIM check result in the header of the email.

That's an interesting idea. Unfortunately it makes Google a trusted third party. And a printout of that email would be easy to fake.

It would be nice if the report was signed by Google and timestamped (e.g. RFC 3161).

j / k navigate · click thread line to collapse