Notification emails are DKIM-signed, but key isn't published
Emails (such as the recently sent announcement for Tails 4.2) have a DKIM-Signature header field, but the public key isn't published in DNS, so the signature can't be verified.
The DKIM-Signature header field looks like:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boum.org;
the selector (s= value) is stigmate, so there should be a DNS TXT record containing the public key for the signature at stigmate._domainkey.boum.org, but that record doesn't exist. Instead, my email server reports:
Authentication-Results: <hostname redacted>; dkim=permerror
reason="key not found" header.d=boum.org email@example.com
header.b=tiEniD01; dkim-adsp=none (unprotected policy);