Frequently Asked Question
In Webmail, next to the From name, we now display a mark indicating the authenticity of the sender's domain. This uses DKIM signatures and DMARC. It works by reading the Authentication-Results headers generated by our mail servers when the external message was first received by us, then displaying a mark to indicate whether the sender's domain was verified and did send the message, or whether the sender's domain was forged.
! Locally generated/sent messages within the ausics.net domain may appear with the first two symbols (not signed, or signed but no authentication headers). Because a message generated locally on mail.ausics.net is not an externally received message, the testing is slightly different. We have long had other tests on external messages that should prevent a third party spoofing the ausics.net domain when sending into ausics.net; our mail servers will outright reject such a message when received, so we do not see this as a problem. If you receive an email claiming to be from ausics.net that clearly is not, please open a ticket and let us know all the details.
You can mouse over the mark to get more details on its determination.
In the above example we see a grey question mark. This typically indicates the message is not DKIM or DMARC signed at all, so it cannot be determined whether it is authentic or a forgery.
Here we have a red circled question mark. This indicates the message has a signature but for some reason there is no results header; mousing over will reveal more information.
In this example, with a red cross mark, we see a message that has failed authenticity: the signature is invalid. It could be spoofed, but it could also be from an ill-configured mailing list. Mouse over to view the results. You should be extra careful with this type of message, especially if it is not from a mailing list.
In this rather rare example, a teal tick indicates the message was signed by a third party and has been verified as a pass. This type of mark usually only occurs with certain mass-marketing mail providers, when the message is sent by a customer of theirs who does not have DKIM signatures of their own. Examples of this have been marketing emails from Mailchimp and Salesforce. Most senders through the likes of them do have their own signing; we include this mark because it may be possible to receive this type of authentic mail. Any mail sent through a third party should be treated with the utmost scrutiny anyway.
Next we see a lighter green tick. This indicates the message is valid from the author's domain, so it is not likely a forgery. It is a lighter green than the final option below because the message has passed through other domains whose signature(s) have failed, which can be typical of mailing lists. Again, hover your pointer over the mark for more information.
And now we see a fully verified green tick mark, indicating this message is valid and not spoofed.
Again, you should be mindful that these are DKIM and DMARC "domain" validations. They prove someone at that domain sent the message; they are not GPG "individual user digitally signed" validations that prove a particular person signed and sent the message.
That validation has long been available, but it is not in widespread use due to its complexity, as it must be configured by the end user. The way it is applied in our new Webmail version has changed again: the server no longer stores a copy of your keys (this is a good thing, despite Roundcube itself being rather secure), and signing will now be handled by a browser extension on your end (we will, time permitting, produce a new article for that in the future). The domain validations we apply, by contrast, are configured by the domain administrators (your ISP, Webhost, Enterprise, etc).
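The six marks described above can be reproduced from the DKIM results in a message's Authentication-Results headers. The following is an added sketch, not the Webmail code itself; the mark names, the `mx.example.net` server identifier and the sample message are assumptions made for the example, and it reads only `dkim=` results with exact domain matching.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "mx.example.net"  # assumed authserv-id of the receiving server

def classify(raw, trusted=TRUSTED):
    """Map a raw message to one of the six marks described above."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signed = msg.get("DKIM-Signature") is not None
    results = []  # (result, signing domain) pairs from trusted headers only
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if (authserv.split() or [""])[0].lower() != trusted:
            continue  # a sender can inject this header; only ours counts
        for clause in rest.split(";"):
            res = re.match(r"\s*dkim=(\w+)", clause)
            dom = re.search(r"header\.d=([\w.-]+)", clause)
            if res:
                results.append((res.group(1).lower(),
                                dom.group(1).lower() if dom else ""))
    verdicts = [(r, d) for r, d in results if r != "none"]
    if not verdicts:
        return "signed-no-results" if signed else "not-signed"
    passed = {d for r, d in verdicts if r == "pass"}
    any_failed = any(r != "pass" for r, _ in verdicts)
    if author in passed:  # exact match; real DMARC alignment can be relaxed
        return "author-pass-others-failed" if any_failed else "author-pass"
    return "third-party-pass" if passed else "fail"

# Constructed sample: list traffic where the author's signature verified
# but the list's own signature did not, plus a header from another server.
SAMPLE = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.d=example.org;\n"
    " dkim=fail header.d=lists.example.com\n"
    "Authentication-Results: mx.untrusted.invalid; dkim=pass header.d=example.org\n"
    "DKIM-Signature: v=1; d=example.org; s=sel; b=constructed\n"
    "From: Alice <alice@example.org>\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Only headers stamped by the receiving server are read, which is why the results must be the ones generated when the message was first received.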