



DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.









Recently, in response to a leaked email suggesting Donna Brazile gave Hillary's team early access to debate questions, she defended herself by suggesting the email had been "doctored" or "falsified". That's not true. We can use DKIM to verify it.

You can see the email in question at the WikiLeaks site: https://wikileaks.org/podesta-emails/emailid/5205 . The title suggests they have early access to debate questions, and includes one specifically on the death penalty, with the text:

since 1973, 156 people have been on death row and later set free. Since 1976, 1,414 people have been executed in the U.S

Hillary's team uses "hillaryclinton.com", which has DKIM enabled. Thus, we can verify whether some of these emails are true.

Secretary Clinton, since 1976, we have executed 1,414 people in this country. Since 1973, 156 who were convicted have been exonerated from the death row.

It's not a smoking gun, but at the same time, the email both claims they got questions in advance and contains a question in advance. Trump gets hung on similar chains of evidence, so it's not something we can easily ignore.





Anyway, this post isn't about the controversy, but the fact that we can validate the email. When an email server sends a message, it'll include invisible "headers". They aren't especially hidden; most email programs allow you to view them. It's just that they are boring, so they are hidden by default. The DKIM header in this email looks like:





DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=hillaryclinton.com; s=google;
        h=from:mime-version:references:in-reply-to:date:message-id:subject:to
         :cc;
        bh=EHIyNFKU1g6KhzxpAJQtxaW82g5+cTT3qlzIbUpGoRY=;
        b=JgW85tkuhlDcythkyCrUMjPIAjHbUVPtgyqu+KpUR/kqQjE8+W23zacIh0DtVTqUGD
         mzaviTrNmI8Ds2aUlzEFjxhJHtgKT4zbRiqDZS7fgba8ifMKCyDgApGNfenmQz+81+hN
         2OHb/pLmmop+lIeM8ELXHhhr0m/Sd4c/3BOy8=





How do you verify this is true? There are a zillion ways with various "DKIM verifiers". I use the popular Thunderbird email reader (from the Mozilla Firefox team). They have an addon designed specifically to verify DKIM. Normally, email readers don't care, because it's the email server's job to verify DKIM, not the client. So we need a client addon to enable verification.





Downloading the raw email from WikiLeaks and opening it in Thunderbird, with the addon, I get the following verification that the email is valid. Specifically, it validates that HillaryClinton.com sent precisely this content, with this subject, on that date.













Let's see what happens when somebody tries to doctor the email. In the following, I added "MAKE AMERICA GREAT AGAIN" to the top of the email.













As you can see, we've proven that DKIM will indeed detect if anybody has "doctored" or "falsified" this email.









I was just listening to ABC News about this story. It repeated Democrat talking points that the WikiLeaks emails weren't validated. That's a lie. This email in particular has been validated. I just did it, and have shown you how you can validate it, too.

Btw, if you can forge an email that validates correctly as I've shown, I'll give you 1-bitcoin. It's the easiest way of solving arguments whether this really validates the email -- if somebody tells you this blogpost is invalid, then tell them they can earn about $600 (current value of BTC) proving it. Otherwise, no.







Update: I'm a bit late writing this blog post. Apparently, others have validated these, too.



http://dailycaller.com/2016/10/21/heres-cryptographic-proof-that-donna-brazile-is-wrong-wikileaks-emails-are-real/

http://solsticlipse.com/2016/10/21/Verifying-Wikileaks-DKIM-Signatures.html





Update: In the future, when HillaryClinton.com changes their DKIM key, it will no longer be possible to verify these emails. Thus, I'm recording the domain key here:



google._domainkey.hillaryclinton.com: type TXT, class IN

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJdAYdE2z61YpUMFqFTFJqlFomm7C4Kk97nzJmR4YZuJ8SUy9CF35UVPQzh3EMLhP+yOqEl29Ax2hA/h7vayr/f/a19x2jrFCwxVry+nACH1FVmIwV3b5FCNEkNeAIqjbY8K9PeTmpqNhWDbvXeKgFbIDwhWq0HP2PbySkOe4tTQIDAQAB

Recently, WikiLeaks has released emails from Democrats. Many have repeatedly claimed that some of these emails are fake or have been modified, that there's no way to validate each and every one of them as being true. Actually, there is, using a mechanism called DKIM.