Comment 24 for bug 316272

Stuart Bishop (stub) wrote :

So from my reading, with a whitelist of trusted domains we get the same level of trust from DKIM as we do with GPG signed emails. To get on the trusted list, a domain needs to:

 - Sign the From: header
 - Promise that signed emails actually come from the user claimed in the From: header.

If we receive an email with a valid DKIM signature from the trusted domain (confirming the From: header is signed) it means it came from someone with control of that mailbox, the DNS records, or mail server. This means it is trusted as a GPG signed email from Launchpad's perspective (with control of the mailbox, DNS or mail server you can reset the user's password, then upload a GPG key which Launchpad will then trust).

If we can verify that yahoo.com, yahoo.co.*, gmail.com, and googlemail.com sign the From: headers, don't allow From: forgery, and we believe they are reasonably competent at running their systems, then that will account for 49.5% of our current preferred email addresses.

If we replace the whitelist with a user-selectable toggle, then I think that works too with the user accepting responsibility.
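
The acceptance check described in the comment above, as an added example that is not part of the original comment or Launchpad's code. It assumes the cryptographic DKIM verification is done by a separate library and passed in as `signature_valid`, and that the From: domain must equal the `d=` domain exactly; the function names and sample message are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains named in the comment; "*" is treated as exactly one DNS label.
TRUSTED = ["yahoo.com", "yahoo.co.*", "gmail.com", "googlemail.com"]

# Constructed sample; bh= and b= are placeholders, not real signature data.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=gmail.com; s=sel;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@gmail.com>\n"
    "To: bugs@example.org\n"
    "Subject: test\n\nbody\n"
)

def domain_trusted(domain, patterns=TRUSTED):
    """Match a domain against the list without letting '*' span several labels."""
    for pat in patterns:
        rx = re.escape(pat).replace(r"\*", "[a-z0-9-]+")
        if re.fullmatch(rx, domain):
            return True
    return False

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def trusted_like_gpg(raw_message, signature_valid):
    """True only if a valid signature covers From: and comes from a trusted domain."""
    msg = message_from_string(raw_message)
    sigs = msg.get_all("DKIM-Signature", [])
    froms = msg.get_all("From", [])
    # Assumption: signature_valid refers to the single DKIM-Signature present.
    if not signature_valid or len(sigs) != 1 or len(froms) != 1:
        return False
    tags = parse_tags(sigs[0])
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    if "from" not in signed:  # From: not covered by the signature
        return False
    d = tags.get("d", "").lower()
    from_domain = parseaddr(froms[0])[1].rpartition("@")[2].lower()
    return bool(d) and from_domain == d and domain_trusted(d)
```
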