undefined | Better HN

0 pointsrpigab1y ago0 comments

Your last sentence kinda contradicts the fact that the company Google operates the server behind gmail.com.

If Google was evil (but in reality it's not), it could have forged and signed an email from john.smith@gmail.com with valid DKIM, sent on other mail servers or not (since we talk about leaked emails, we just need a file), when in reality the Google user john.smith@gmail.com never sent that email. To me, John Smith could have plausible deniability in court, depending on if everyone trusts Google to be 100% reliable. If the stakes are higher than what the company would risk to lose if found to have forged the email, what's stopping them?

0 comments

kbolino1y ago

Google could forge the email without DKIM (DMARC only requires one of SPF or DKIM to succeed, not both). While DKIM gives high confidence that the email came from Google, neither its presence nor absence says anything about John Smith.

j / k navigate · click thread line to collapse

0 pointsrpigab1y ago0 comments

Your last sentence kinda contradicts the fact that the company Google operates the server behind gmail.com.

0 comments

kbolino1y ago

j / k navigate · click thread line to collapse