Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To some extend, the fact that gmail accepted a message indicates the email passed DKIM inspection.


Only if it had strict DMARC policy (reject) at the time of sending. But it's not possible to reliably check old values from the past. No policy or quarantine policy makes the email go to spam, that's all.


Gmail stores the DKIM check result in the header of the email.

For a more exhaustive system, one might store a DNSSEC result proving the key was valid. Though from my limited search, it seems DNSSEC does not sign a time-stamp.


> Gmail stores the DKIM check result in the header of the email.

That's an interesting idea. Unfortunately it makes Google a trusted third party. And a printout of that email would be easy to fake.

It would be nice if the report was signed by Google and timestamped (e.g. RFC 3161).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: