DKIM Verifier

DomainKeys Identified Mail (DKIM) is a method which allows domains to sign e-mails. The add-on verifies these DKIM signatures and shows the result in the e-mail header. This way it is possible to see which domain is claiming responsibility for a specific e-mail. How the result is shown can be changed in the options.

It is important to note that an e-mail can be signed by an arbitrary domains. A valid DKIM signature alone is therefore not an indicator for a trustworthy e-mail. Always check who the signer is to determine if an e-mail is trustworthy!

In some cases, the absence of a DKIM signature can be useful to identify scam e-mails. If it is known that a certain domain is signing all its e-mails with DKIM, the absence of a DKIM signature is a strong indicator for a forged e-mail.

To ease the checking of if and by who an e-mail is signed, the add-on supports the use of sign rules. With sign rules it is possible to specify that e-mails from a certain sender have to be always signed by a specific domain (also referred to as SDID). More about sign rules at https://github.com/lieser/dkim_verifier/wiki/Sign-rules.

A description of all the available add-on options can be found at https://github.com/lieser/dkim_verifier/wiki/Options.

Support is given at https://github.com/lieser/dkim_verifier/issues or by e-mail to lieser+dkim@posteo.net (in English or German).

The preferred way to report bugs is by creating an issue at https://github.com/lieser/dkim_verifier/issues.

Breaking Changes

Now requires at least Thunderbird 128.
Remove migration of options from versions before 4.0.0.

Enhancements

Fixed incompatibility with Thunderbird 136 (#494).
Authentication-Results header: Improve default behavior about which headers are trusted.
Instead of trusting all it now depends on the newest ARH (#465).

Fixes

If the DKIM result fails because of the check of the sign rules the detailed view now still shows the details of the DKIM signature (#495).
Authentication-Results header: If only an AUID is included again heuristically extract the SDID from it.
Fixed setting default values for boolean preferences with policies on macOS via a `.plist` (#499).

Other

Updated default rules and favicons (#497).

The Add-on queries a DNS Server (default Google Public DNS (8.8.8.8) or the one configured in the OS) for a TXT record specified in the signature, which contains the public key of the signature.
This will happen every time an e-mail with a DKIM Signature is viewed.

If the use of DMARC is enabled additional DNS lookups may be done, even if not DKIM signed e-mail are viewed.

Some add-ons ask for permission to perform certain functions (example: a tab management add-on will ask permission to access your browser’s tab system).

Since you’re in control of your Thunderbird, the choice to grant or deny these requests is yours. Accepting permissions does not inherently compromise your browser’s performance or security, but in some rare cases risk may be involved.

Add-ons

Welcome to Thunderbird Add-ons.

On the go?

DKIM Verifier 6.0.1

by Philippe Lieser

About this Add-on

Developer’s Comments

Version Information

Version 6.0.1 Released March 10, 2025 2.0 MiB Works with Thunderbird 128.0 - 140.*

Add-ons

Welcome to Thunderbird Add-ons.

On the go?

DKIM Verifier 6.0.1

by Philippe Lieser

About this Add-on

Developer’s Comments

Version Information

Version 6.0.1 Released March 10, 2025 2.0 MiB Works with Thunderbird 128.0 - 140.*

Privacy Policy

Permissions

This add-on can:

Report Abuse