Background
Many email providers are adding "anonymous" or "random" address features, e.g. Apple's "Hide My Email", Fastmail's "Masked Email", etc. With no standardized process for authorization verification, some providers leave the signature there (Fastmail "Masked Email"). Other providers verify the signature, include their results, and remove the signature (Apple "Hide My Email").
DKIM header field displays verifier
When displaying the parsed Authentication-Results in the DKIM header row, DKIM header fields include the server noted as having verified the authentication.
the DKIM bar might display the fully accessible option
DKIM: Valid (Signed by costalerts.amazonaws.com; Verified by dkim-verifier.icloud.com)
and provide an option to move the verification to a tooltip since not all users have easy access to a mouse to hover for tooltips.
For local verification, the DKIM bar might display
DKIM: ; Verified locally by "DKIM Verifier"
Risk Analysis
No risks perceived at this time.
Allow DKIM "success" for trusted verification servers
If no DKIM signature is available, and all DKIM Authentication-Results are from trusted authentication servers, and all DKIM Authentication-Results pass, then allow the DKIM success with an indication that the success is based on "trusted" authenticators.
Risk Analysis
Relies on explicit trust of the creator of the Authentication-Results headers, and they have not been forged.
dkim_verifier already implies a certain level of trust in these headers when the user opts to display them in the DKIM header row. While this is not an explicit trust, as it simply displays what's in the headers, it can begin to create implicit trust as the user sees these more often.
Ensuring the UX clearly indicates the basis of the final result can help to mitigate this risk.
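The two proposals above (showing the verifier in the DKIM row, and accepting a "pass" only from trusted verifiers when no signature survives) can be sketched as a small policy function. The code below is an added example, not code from the dkim_verifier project: it contains a simplified RFC 8601 Authentication-Results parser and the trust policy described in the issue. The trusted authserv-id list, the `evaluateDkim` function, the status names and the sample headers are all constructed for this illustration.

```javascript
// Added example, not dkim_verifier's own code. The trusted list, the status
// names and the sample headers below are constructed assumptions.

// Assumption: the user configures which authserv-ids (RFC 8601) they trust.
const TRUSTED_AUTHSERV_IDS = new Set(["dkim-verifier.icloud.com"]);

// Parse one Authentication-Results field value into { authserv, results }.
// Folded lines are unfolded and parenthesised comments are dropped first;
// each ";"-separated stanza after the authserv-id becomes one result entry
// with its ptype.property=value pairs (header.d, header.i, ...).
function parseAuthenticationResults(value) {
  const unfolded = value.replace(/\r?\n[ \t]+/g, " ");
  const noComments = unfolded.replace(/\([^()]*\)/g, " ");
  const parts = noComments.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return { authserv: "", results: [] };
  const authserv = parts[0].split(/\s+/)[0].toLowerCase();
  const results = [];
  for (const stanza of parts.slice(1)) {
    if (/^none$/i.test(stanza)) continue; // "authserv; none": no checks were run
    const tokens = stanza.split(/\s+/);
    const eq = tokens[0].indexOf("=");
    if (eq < 0) continue;
    const method = tokens[0].slice(0, eq).toLowerCase();
    const result = tokens[0].slice(eq + 1).toLowerCase();
    const props = {};
    for (const tok of tokens.slice(1)) {
      const m = /^([a-z]+\.[a-z]+)=(.*)$/i.exec(tok); // ptype.property=value
      if (m) props[m[1].toLowerCase()] = m[2];
    }
    results.push({ method, result, props });
  }
  return { authserv, results };
}

// Apply the issue's policy to one message:
//   - a DKIM-Signature is present: keep verifying locally ("local")
//   - no signature, every dkim= result comes from a trusted authserv-id and
//     every one is "pass": report success, labelled with signer and verifier
//   - otherwise no success is claimed
// Caveat: this is only as strong as the receiving MTA's removal of foreign
// Authentication-Results fields carrying its own authserv-id (RFC 8601
// section 5); the policy itself cannot detect a forged header.
function evaluateDkim({ dkimSignatures, authenticationResults }) {
  if (dkimSignatures.length > 0) {
    return { status: "local", display: "DKIM: (verify signature locally)" };
  }
  const dkim = [];
  for (const raw of authenticationResults) {
    const { authserv, results } = parseAuthenticationResults(raw);
    for (const r of results) if (r.method === "dkim") dkim.push({ authserv, ...r });
  }
  if (dkim.length === 0) return { status: "none", display: "DKIM: No signature" };
  const untrusted = [...new Set(dkim.filter((r) => !TRUSTED_AUTHSERV_IDS.has(r.authserv)).map((r) => r.authserv))];
  if (untrusted.length > 0) {
    return { status: "untrusted-verifier", display: `DKIM: No signature (unverified result from ${untrusted.join(", ")})` };
  }
  const verifiers = [...new Set(dkim.map((r) => r.authserv))];
  if (!dkim.every((r) => r.result === "pass")) {
    return { status: "fail", display: `DKIM: Invalid (Verified by ${verifiers.join(", ")})` };
  }
  const signers = [...new Set(dkim.map((r) => r.props["header.d"] || "unknown"))];
  return {
    status: "trusted-pass",
    display: `DKIM: Valid (Signed by ${signers.join(", ")}; Verified by ${verifiers.join(", ")})`,
  };
}

// Constructed sample: the signature was stripped and a trusted verifier
// recorded its result, modelled on the issue's icloud.com example.
const SAMPLE_TRUSTED_VERIFIER = {
  dkimSignatures: [],
  authenticationResults: [
    "dkim-verifier.icloud.com; dkim=pass (2048-bit key) header.d=costalerts.amazonaws.com\r\n\theader.i=@costalerts.amazonaws.com header.b=AbCdEf12",
  ],
};

// Constructed sample: same shape, but the authserv-id is not on the trusted list.
const SAMPLE_UNTRUSTED_VERIFIER = {
  dkimSignatures: [],
  authenticationResults: ["mx.example.net; dkim=pass header.d=example.org"],
};

console.log(evaluateDkim(SAMPLE_TRUSTED_VERIFIER).display);
console.log(evaluateDkim(SAMPLE_UNTRUSTED_VERIFIER).display);
```

The display string for the trusted case is the "fully accessible" form proposed above; a client could move the "Verified by" part into a tooltip by splitting on the semicolon. Note that a result from an unknown authserv-id never produces a success, and a trusted verifier reporting anything other than `pass` is surfaced as a failure rather than silently ignored.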