From a7b82bedf68d3f4f102c73fd0a8cebfb42872a0d Mon Sep 17 00:00:00 2001 From: M66B Date: Mon, 27 May 2024 07:54:29 +0200 Subject: [PATCH] Updated FAQ --- FAQ.md | 11 +++++++---- index.html | 8 ++++---- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/FAQ.md b/FAQ.md index c8e1897e56..302a6d5f63 100644 --- a/FAQ.md +++ b/FAQ.md @@ -1943,14 +1943,14 @@ Viewing remotely stored images (see also [this FAQ](#faq27)) and opening links m but will also leak your IP address. See also this question: [Why email's link is more dangerous than web search's link?](https://security.stackexchange.com/questions/241139/why-emails-link-is-more-dangerous-than-web-searchs-link). -This BBC article is worth reading: [Spy pixels in emails have become endemic](https://www.bbc.com/news/technology-56071437). +This BBC article is worth reading as well: [Spy pixels in emails have become endemic](https://www.bbc.com/news/technology-56071437). Opening attachments or viewing an original message might load remote content and execute scripts, that might not only cause privacy sensitive information to leak, but can also be a security risk. Note that your contacts could unknowingly send malicious messages if they got infected with malware. -FairEmail formats messages again causing messages to look different from the original, but also uncovering phishing links. +FairEmail formats messages again causing messages to look different from the original, but also uncovering phishing links, etc. Note that reformatted messages are often better readable than original messages because the margins are removed, and font colors and sizes are standardized. 
@@ -1959,7 +1959,7 @@ Since the images are downloaded from the source server [in real-time](https://bl this is even less secure because Google is involved too without providing much benefit. You can show images and original messages by default for trusted senders on a case-by-case basis by checking *Do not ask this again for ...*. -You might need to reset the questions via a button in the miscellaneous settings tab page. +You might need to reset the questions via a button in the miscellaneous-settings tab page.
@@ -3422,8 +3422,11 @@ Also, FairEmail can show a small red warning flag when DKIM, SPF or [DMARC](https://en.wikipedia.org/wiki/DMARC) authentication failed on the receiving server. You can enable/disable [authentication verification](https://en.wikipedia.org/wiki/Email_authentication) in the display settings. The feature depends on the header [Authentication-Results](https://datatracker.ietf.org/doc/html/rfc7601), which the receiving email server should add. -If the email server doesn't add an *Authentication-Results*, which is optional, +The shield will be green only if DMARC passes (=alignment) +and either [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) or [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) passes. +If the email server doesn't add an *Authentication-Results* header, which is optional, you can enable native DKIM in the debug panel, which appears when you enable debug mode in the miscellaneous settings tab page (last option). +In this case, the shield will be green only when DKIM passes and the signer domain matches that of the sender. Please be aware that this option will increase both data and battery usage. FairEmail can show a warning flag too if the domain name of the (reply) email address of the sender does not define an MX record pointing to an email server. diff --git a/index.html b/index.html index dec9958fe7..84b752c8f1 100644 --- a/index.html +++ b/index.html @@ -1143,13 +1143,13 @@ X-Google-Original-From: Somebody <somebody+extra@example.org>

(35) Why should I be careful with viewing images, attachments, the original message, and opening links?

🌎 Google Translate

Viewing remotely stored images (see also this FAQ) and opening links might not only tell the sender that you have seen the message, but will also leak your IP address. See also this question: Why email’s link is more dangerous than web search’s link?.

-

This BBC article is worth reading: Spy pixels in emails have become endemic.

+

This BBC article is worth reading as well: Spy pixels in emails have become endemic.

Opening attachments or viewing an original message might load remote content and execute scripts, that might not only cause privacy sensitive information to leak, but can also be a security risk.

Note that your contacts could unknowingly send malicious messages if they got infected with malware.

-

FairEmail formats messages again causing messages to look different from the original, but also uncovering phishing links.

+

FairEmail formats messages again causing messages to look different from the original, but also uncovering phishing links, etc.

Note that reformatted messages are often better readable than original messages because the margins are removed, and font colors and sizes are standardized.

The Gmail app shows images by default by downloading the images through a Google proxy server. Since the images are downloaded from the source server in real-time, this is even less secure because Google is involved too without providing much benefit.

-

You can show images and original messages by default for trusted senders on a case-by-case basis by checking Do not ask this again for …. You might need to reset the questions via a button in the miscellaneous settings tab page.

+

You can show images and original messages by default for trusted senders on a case-by-case basis by checking Do not ask this again for …. You might need to reset the questions via a button in the miscellaneous-settings tab page.


(36) How are settings files encrypted?

🌎 Google Translate

@@ -1836,7 +1836,7 @@ Y1 OK CAPABILITY completed

Note that a sender will automatically be blocked when a message is moved into the spam folder. You can disable this behavior by disabling the option Automatically block the sender when reporting spam in the behavior settings tab page.

Since version 1.2143, there is an “Unblock all” button in the receive-settings tab page, which will reset all above options.

If you receive a lot of spam messages in your inbox, the best you can do is to contact the email provider to ask if spam filtering can be improved.

-

Also, FairEmail can show a small red warning flag when DKIM, SPF or DMARC authentication failed on the receiving server. You can enable/disable authentication verification in the display settings. The feature depends on the header Authentication-Results, which the receiving email server should add. If the email server doesn’t add an Authentication-Results, which is optional, you can enable native DKIM in the debug panel, which appears when you enable debug mode in the miscellaneous settings tab page (last option). Please be aware that this option will increase both data and battery usage.

+

Also, FairEmail can show a small red warning flag when DKIM, SPF or DMARC authentication failed on the receiving server. You can enable/disable authentication verification in the display settings. The feature depends on the header Authentication-Results, which the receiving email server should add. The shield will be green only if DMARC passes (=alignment) and either SPF or DKIM passes. If the email server doesn’t add an Authentication-Results header, which is optional, you can enable native DKIM in the debug panel, which appears when you enable debug mode in the miscellaneous settings tab page (last option). In this case, the shield will be green only when DKIM passes and the signer domain matches that of the sender. Please be aware that this option will increase both data and battery usage.

FairEmail can show a warning flag too if the domain name of the (reply) email address of the sender does not define an MX record pointing to an email server. This can be enabled in the receive settings. Be aware that this will slow down synchronization of messages significantly.

If the domain name of the sender and the domain name of the reply address differ, the warning flag will be shown too because this is most often the case with phishing messages. If desired, this can be disabled in the receive settings (since version 1.1506).

If legitimate messages are failing authentication, you should notify the sender because this will result in a high risk of messages ending up in the spam folder. Moreover, without proper authentication there is a risk the sender will be impersonated. The sender might use this tool to check authentication and other things.
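Review bot: The two added "shield will be green" sentences state the pass condition too loosely for a security indicator. In the first, "(=alignment)" is shorthand many readers will not decode, and because a DMARC pass already requires an aligned SPF or DKIM pass, "and either SPF or DKIM passes" reads as a separate requirement. Consider saying that the sender domain must align with a passing SPF or DKIM result. In the native DKIM sentence, "the signer domain matches that of the sender" should say whether an exact match or an organizational-domain match is required, and which sender address is meant (header From or envelope sender). Within the visible context the paragraph only introduces a "small red warning flag", so the shield needs a short introduction before its green state is described. The unchanged Authentication-Results link in the FAQ.md hunk points to RFC 7601, which has been obsoleted by RFC 8601.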