On Mon, 6 May 2019 15:10:07 -0600 Grant Taylor wrote:
> Many university IT departments claim responsibility for what the > university's staff and students do while decidedly NOT authenticating > anyone. DKIM author domain signing provides strong authentication where it matters, which is where the domain owner cares. For well-known addresses it's merely a matter of putting them on a separate domain or sub-domain from user accounts. If a university server accepts spoofed submissions then they clearly don't care that one user can spoof another.