> Large webmail systems have always been pretty strict about what header > addresses you can use. I don't think it was ever easy for one Gmail > user to send mail pretending to be another.
But it was turning on submission auth that makes a really good case that a person did in fact send that piece of email. I wonder if this has been used legally yet? Most likely the vast majority of the time it doesn't need to come down to that.
I can't speak to use in court, but this seems relevant: https://blog.erratasec.com/2016/10/yes-we-can-validate-wikileaks-emails.html#.WA4khPkrLAW Also, credit where credit is due: Matthew Green is the primary impetus behind the push to publish keys: https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/ Ned
