Aside from the XSS issues, this seems like a load of hot air to me. DKIM isn't done by the mail clients in most cases.
baudehlo
No I think DKIM is relevant. What it's saying is that the mail is technically MAIL FROM @mydomain.com, so DKIM verifies just fine, but the mail looks, to all intents and purposes, to be from potus@whitehouse.gov.
_smf_
baudehlo: but there's no equivalent of the browser 'green bar' for DKIM signed messages in pretty much all clients except for Gmail.