Deploy360 1 March 2014

Weekend Project: Add DKIM / DNSSEC Verifier To Thunderbird

By Dan YorkDirector, Internet Technology

dnssec-dkimHere’s an interesting weekend project if you use Mozilla Thunderbird as your email client – add the DKIM Verifier add-on to ensure the validity of signatures on email messages.  The connection to DNSSEC is that the public keys for DKIM are stored in DNS and so DNSSEC ensures that you are getting the correct DKIM keys.

This past week Pier Carlo Chiodi published a great tutorial, “Verifying DKIM signatures on Thunderbird with DNSSEC” that walks through the steps of adding the DKIM Verifier add-on to Thunderbird to verify the signature on the message and validate it all via DNSSEC.

As he notes in his text, this tutorials does the DKIM/DNSSEC validation in the client (Thunderbird) while other solutions might do the validation within the email server itself.

Thanks to Pier Carlo Chiodi for writing this tutorial. This is great to see… now we just need similar tutorials for other email clients!

Note: the image in this article is from Pier Carlo Chiodi’s blog post.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...