You’re confusing authentication with reputation. A spam domain that signs itself is just emitting signed spam.

On the other hand, if your bank sends you authenticated mail that your server verifies, you’re sure it is from their server and not from a hacked machine emitting bank phish.

--srs

________________________________
From: mailop <mailop-boun...@mailop.org> on behalf of Christian de Larrinaga via mailop <mailop@mailop.org>
Sent: Saturday, July 25, 2020 2:22:30 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: Re: [mailop] BIMI pilot @ Google

I am aware of DKIM and DMARC and SPF. You will note this email address, which I self host, uses all three. As do all domains I run for email.

My question is: is it useful?

- given so many lists, even one dedicated to email management, give "red" unsigned flags
- that I get a ton of spam / phishing and such, all beautifully signed by DKIM, even with DMARC etc., which not only get through that filtering but also zen.spamhaus... etc
- given most email domains which do use DKIM don't use strict, and in most cases for good reasons.

It may help and that may be good enough for those tools. But clearly it isn't a "solution". More a sticky plaster applied to do the job of a tourniquet.

C

On 24/07/2020 17:10, Robert L Mathews via mailop wrote:
> On 7/24/20 2:51 AM, Christian de Larrinaga via mailop wrote:
>
>> All emails on this list are showing with red DKIM signed boxes
> That's because this list alters the message From header and body without
> re-signing it. (If the list re-signed outgoing Mailman messages with a
> "mailop.org" DKIM signature, it would work.)
>
>
>> Is this useful?
> Sure: It's saying you got a message claiming to be from
> mailop@mailop.org that isn't signed by mailop.org, which is exactly what
> it's supposed to do.
>
> Whether one decides to trust something less based on that is a different
> matter. For example, I care about the DKIM verifier result for messages
> claiming to be from my bank, but I don't worry about it for list messages.
>
> That said, if every MUA showed DKIM results, I suspect there would be a
> lot more DKIM signing just based on the naive complaints it would
> generate. Few people cared about making sure their non-financial website
> used SSL until every browser started claiming it was "not secure".
>

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
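The distinction drawn in this thread between authentication and reputation, as an added example that is not part of any poster's message: it reads the `Authentication-Results` header stamped by the receiving MTA, checks whether a passing DKIM signature matches the From domain exactly, and only then consults a separate reputation list. The authserv-id `mx.example.net`, the `REPUTABLE` set and all sample messages and domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTHSERV = "mx.example.net"    # assumed: the authserv-id our own MTA stamps
REPUTABLE = {"bank.example"}   # assumed local reputation list (constructed)

def sample(ar, sender):
    """Build a constructed test message; all domains are placeholders."""
    return f"Authentication-Results: {ar}\nFrom: {sender}\nSubject: test\n\nbody\n"

BANK = sample("mx.example.net; dkim=pass header.d=bank.example", "Alerts <alerts@bank.example>")
SPAM = sample("mx.example.net; dkim=pass header.d=pills.example", "Deals <win@pills.example>")
# List altered From and body without re-signing: the author's signature no longer verifies.
LIST = sample("mx.example.net; dkim=fail header.d=author.example", "Author via list <list@list.example>")
# Header claiming a pass, but not stamped by our MTA.
FORGED = sample("mx.evil.example; dkim=pass header.d=bank.example", "Alerts <alerts@bank.example>")

def aligned_dkim_domain(raw):
    """Return the From domain if a trusted dkim=pass result matches it exactly, else None."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        # Only believe results stamped by our own MTA; anyone can add this header.
        if authserv.split()[:1] != [AUTHSERV]:
            continue
        for result, props in re.findall(r"\bdkim=(\w+)([^;]*)", results):
            d = re.search(r"\bheader\.d=([\w.-]+)", props)
            if result == "pass" and d and d.group(1).lower() == from_domain:
                return from_domain
    return None

def classify(raw):
    """Separate 'who signed it' (authentication) from 'do we trust them' (reputation)."""
    domain = aligned_dkim_domain(raw)
    if domain is None:
        return "unauthenticated"
    if domain in REPUTABLE:
        return "authenticated, reputable"
    return "authenticated, unknown reputation"

if __name__ == "__main__":
    for name, raw in [("bank", BANK), ("spam", SPAM), ("list", LIST), ("forged", FORGED)]:
        print(f"{name:7} {classify(raw)}")
```

The exact-match comparison is stricter than DMARC's relaxed alignment, which compares organizational domains.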