On 5/4/2019 12:48 AM, Grant Taylor wrote: > The point being there are reasonable circumstances that someone else > can DKIM sign messages as a victim.
Sure, your entire server can be compromised and there might be a mole in the ministry. Your premise started out with the From Header versus Envelope for SPF and now has moved into DKIM being insecure if you don't maintain control of your PKI security. What is your point? -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171