On 2017 Feb 11, 18:53, [email protected] wrote:
>
> How would I get a print out of email uses that fail DKIM, SPF, or
> both?
>
> A few months ago there was chatter about how to rewrite the subject
> header to indicate the SPF and DKIM status. Unfortunately nothing
> further.
>
> Further, how does DKIM prove the message wasn't altered? To my
> knowledge, SPF proves the message came from a qualified server and
> DKIM proves the FQDN is a match.

Anyone can DKIM sign an email message which passed through his systems, even if the DKIM signer is not the original sender.

DMARC exists to ensure that a valid DKIM signature is aligned (~coincides) with the email address in the Header-From.

A valid DKIM signature, irrespective of DMARC alignment, cryptographically assures that the message has not been altered/tampered with since it was signed.

A valid DKIM signature plus DMARC alignment, cryptographically assures the message has not been altered and that it is authentic (i.e., the provenance of the message is authenticated).

That's not saying all DKIM signed and DMARC aligned email is legit. Spammers can perfectly send spam with a header-from like this:

    From: PayPal Notification <[email protected]>

and have it DKIM signed and DMARC aligned.

However, if you get an email with a Header-From like this:

    From: Paypal Notification <[email protected]>

with a valid DKIM signature and which is DMARC aligned, you can rest assured that either the email is legit, or Paypal has been hacked to death from the inside.

Regards,

--
Josh Good
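Added example, not part of the original thread: a small report over constructed messages that lists the ones failing SPF, lacking a valid DKIM signature, or carrying a valid signature whose `d=` domain is not aligned with the Header-From. It assumes the receiving MX has already written an `Authentication-Results` header; the hostnames, sample messages and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # A real DMARC check derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def evaluate(raw):
    """Summarise SPF, DKIM and DKIM/Header-From alignment for one message."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf, signers = "none", []
    # Assumption: every Authentication-Results header was added by our own
    # MX; production code must ignore those with a foreign authserv-id.
    for hdr in msg.get_all("Authentication-Results", []):
        for part in hdr.split(";")[1:]:
            tokens = part.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            if method == "spf":
                spf = result
            elif method == "dkim" and result == "pass" and props.get("header.d"):
                signers.append(props["header.d"].lower())
    aligned = any(org_domain(d) == org_domain(from_domain) for d in signers)
    return {"from": from_domain, "spf": spf,
            "dkim": "pass" if signers else "not-pass", "aligned": aligned}

def make(results):
    # Builds a constructed sample message (not real mail).
    return (f"Authentication-Results: mx.example.org; {results}\n"
            "From: Notification <notify@example.com>\nSubject: t\n\nbody\n")

SAMPLES = {  # constructed inputs
    "own-signature": make("spf=pass smtp.mailfrom=example.com; "
                          "dkim=pass header.d=example.com"),
    "third-party-signature": make("spf=pass smtp.mailfrom=bulk.example.net; "
                                  "dkim=pass header.d=bulk.example.net"),
    "broken": make("spf=fail smtp.mailfrom=example.com; "
                   "dkim=fail header.d=example.com"),
}

def report():
    """Messages that fail SPF, have no valid DKIM signature, or are unaligned."""
    results = {name: evaluate(raw) for name, raw in SAMPLES.items()}
    return {n: r for n, r in results.items()
            if r["spf"] != "pass" or r["dkim"] != "pass" or not r["aligned"]}

if __name__ == "__main__":
    for name, r in report().items():
        print(name, r)
```

The `third-party-signature` sample passes both SPF and DKIM yet is reported, because the signing domain is not the Header-From domain.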
