Android Add-ons
Welcome to فایرفاکس برای آندروید Add-ons.
Add extra features and styles to make فایرفاکس برای آندروید your own.
CloseReviews for DKIM Verifier
56 reviews for this add-on
Rated 2 out of 5 stars
Dear developer,
First of all, thank you for maintaining DKIM Verifier — it’s a valuable tool for inspecting email authentication. After extensive testing with real-world messages (including transactional emails from banks and major providers routed through Microsoft 365), I’d like to offer some constructive feedback to clarify how the add-on behaves and how its results are interpreted.
Key observations:
1. DKIM “Invalid” ≠ Forged or Malicious
Many legitimate emails show “Invalid (E-Mail was modified)” due to intermediate modifications by trusted relays (e.g., Microsoft’s mail.protection servers). These include added headers, MIME changes, or encoding adjustments that break the original DKIM signature. This is expected behavior, but users may misinterpret it as a security issue.
2. Authentication-Results header is essential
The actual SPF/DKIM/DMARC verdict from the receiving server (shown in the Authentication-Results header) often provides a more accurate picture of message legitimacy than re-verifying DKIM alone. It would be helpful if the add-on emphasized this distinction more clearly — perhaps with a tooltip or optional overlay.
3. DKIM Verifier is excellent for spotting forged messages
When DKIM is missing, malformed, or signed by a mismatched domain, the add-on correctly flags these as suspicious. In such cases, the “Invalid” result is meaningful and actionable.
4. The DKIM button view lacks context
The popup accessed via the toolbar button shows DKIM status, selector, and signed headers, but it doesn’t explain why the signature failed or whether the failure is benign (e.g., due to Microsoft’s processing) or critical (e.g., forged domain). Including a short summary or link to interpretation guidance would help non-technical users.
5. SPF and DMARC status are not surfaced
Since DKIM alone is not sufficient to assess message authenticity, it would be valuable if the add-on optionally displayed SPF and DMARC results from the Authentication-Results header alongside DKIM status.
Suggestion:
Consider adding a “DKIM failed due to message modification by trusted relay” note when the failure matches known patterns (e.g., Microsoft 365, Gmail). This would reduce false alarms and help users focus on genuinely suspicious messages.
Thanks again for your work — the add-on is powerful, and with a few usability tweaks, it could be even more effective for everyday users and security-conscious professionals alike.
Best regards,
[A user from Finland testing DKIM Verifier with real-world banking and Microsoft 365 messages]
Rated 5 out of 5 stars
Thank you.
Rated 1 out of 5 stars
Very nice extension but why does it need full access to my computer ?
OK as Portable App or on test machine but unacceptable on a production computer.
Is this a Security add-on or a backdoor ?
The reasons why the add-on needs full, unrestricted access to Thunderbird are described in https://github.com/lieser/dkim_verifier/wiki/FAQ#why-does-the-add-on-need-full-unrestricted-access-to-thunderbird.
Also note all versions of such add-ons are reviewed by another person.
It is understandable if you still don't want to grant the add-on such access.
But to imply malicious intend is a little rude.
Rated 5 out of 5 stars
Indispensable extension! I got hooked on checking the authentication of the emails I receive. The translation into my language, Portuguese, is excellent, clearly done with care, not automatic. You can tell the developers are dedicated. Highly recommend!
This review is for a previous version of the add-on (6.1.0).Rated 5 out of 5 stars
Thank you to the developer for this wonderful and stable application. Very useful.
This review is for a previous version of the add-on (6.1.0).Rated 5 out of 5 stars
A great, simple and useful extension. If configured with the option to add a background colour to the sender's email address, it's immediately evident at a glance if DKIM is valid or not.
This review is for a previous version of the add-on (6.1.0).Rated 5 out of 5 stars
Very useful add-on. I hope to see a long-term follow-up. Thank you for your excellent work.
This review is for a previous version of the add-on (6.1.0).Rated 5 out of 5 stars
Very useful add on. Make sure that you activate the visual highlighting in the add-on settings.
This review is for a previous version of the add-on (6.0.1).Rated 5 out of 5 stars
Excellent Add-On
This review is for a previous version of the add-on (6.0.1). This user has a previous review of this add-on.Rated 5 out of 5 stars
Excellent!
This review is for a previous version of the add-on (6.0.1). This user has a previous review of this add-on.Rated 5 out of 5 stars
Works well! Allows me to quickly see whether a message passes DKIM validation.
This review is for a previous version of the add-on (5.6.0).Rated 5 out of 5 stars
Great extension
This review is for a previous version of the add-on (5.5.0).Rated 5 out of 5 stars
A stellar plugin that does real damage to spam.
DKIM is a huge bonus to the emailing community and works perfectly for servers and admins, but the public doesn't know about it. This allows spammer to win.
DKIM Verifier nukes these spamming scum by showing you very clearly if the account is correct, exists and authorised.
The colour combinations are awesome.
This plugin is definitely one that should be incorporated into Thunderbird by default, its that good.
Recommendation - Use it.
Rated 1 out of 5 stars
I just received an email from ebay, to a gmail account that I don't use for ebay. I sent the email to ebay who verified that it did not come from them. However, DKIM says it is a valid and genuine email from ebay.
Not sure if DKIM has any other use than the simple one I'm using it for, but for me it's a massive fail.
Could you please send the e-mail as a saved eml file to me via e-mail (lieser+dkim@posteo.net)?
I would be very interested to better understand what is going on, instead of guessing and explanation.
Rated 5 out of 5 stars
Great addon!
This review is for a previous version of the add-on (5.4.0). This user has a previous review of this add-on.Rated 4 out of 5 stars
This is great as it could help verify DKIM signs. However, it does NOT like a good idea to solely use this extension to tell if the email is forged or not:
Today I just received an phishing mail and I configured mails to be forwarded by mailgun to my gmail. DKIM verifier says that it is signed by my domain with a yellow warning. If you enable "Read Authentication-Results header" in options it just shows valid (with my domain) and spf pass without any warnings. However, the correct mail auth info before forwarding is inside the ARC headers, and DKIM Verifier does not read this.
Rated 5 out of 5 stars
Nice
This review is for a previous version of the add-on (5.3.1).Rated 2 out of 5 stars
All emails are apparently invalid and have been modified. Even those that come from known and trusted security focused services.
EDIT: Reading your Wiki link indicates that your extension doesn't work with one of a largest email providers - Microsoft.
It looks like a well known issue to you and yet there is no mention of it on the extension's Add-Ons page. I think it would it be appropriate to add it.
I'm not reporting a problem, I'm reviewing the extension. As it stands, it doesn't work and this review is a signal to others that there are issues with it.
This is probably a problem of your e-mail provider, who modifies incoming e-mails. See https://github.com/lieser/dkim_verifier/wiki/FAQ#all-or-almost-all-e-mails-with-dkim-signature-are-failing-with-the-same-error for more information.
Next time please don't use the reviews to report problems. Use https://github.com/lieser/dkim_verifier/issues or write me an E-Mail (in English or German).
Rated 5 out of 5 stars
Works great!
This review is for a previous version of the add-on (5.3.1).Rated 5 out of 5 stars
I wish I found this plugin sooner! Someone wrote it's awfully slow. From the time of this review, I have had my own Mail-In-A-Box Server on AWS for almost the past decade. I use IMAP with Thunderbird. The DKIM check is almost instantaneous!
To the developer; Thank you for your hard work and time you placed into this plugin! Great work!
To create your own collections, you must have a Mozilla Add-ons account.
