Supports Thunderbird [38.0.1 - 60.*].
💸 Tip the Developer ✉ E-Mail the Developer 📑 Issues🐛 🔍 Browse Source Code ⚖ Public Domain
PersonalDKIM is a method of adding DKIM headers locally. DKIM
is designed to be used by mail exchange servers to validate messages passed on by those servers. However, many mail servers do not support DKIM. PersonalDKIM is a way to bypass this limitation.
Unfortunately, there are currently multiple issues with PersonalDKIM's implementation.
• First off, the message body is not hashed in the case of HTML or mixed content messages (including plain-text with attachments). For these messages, the body length to be hashed is set to "0". Thunderbird does not provide a fully formatted mail body during the send process.
• Secondly, many headers are not set in time for the signing process. Particularly the Date, Message-ID, and MIME headers. This means that the signed header list is limited to the To, From, and Subject entries in most cases.
• Third, replay attacks may be possible in situations where the body is not hashed, because the Date and Message-ID headers have not been set. The use of SPF is highly recommended to help combat this vulnerability.
• Fourth, Thunderbird does not like appending headers over a certain size, which means that 2048-bit and larger keys will not work as expected. The resulting signature is simply too long when large keys are used.
• Finally, at present, your Private Key is stored plainly in the Thunderbird config, not as a certificate. As far as I know, the certificates used for DKIM can not be imported into the Certificate Management system. Passwords are stored via Thunderbird's Password Manager, so if you're worried about security, please use a PKCS#5 or PKCS#8 encrypted key. You may also wish to use the master password feature.
The main thing I want to get across is that this extension is not secure. Do not use this extension for anything that requires cryptographic robustness, and do not reuse the Private Key for anything else.
PersonalDKIM is free
for use or modification without limitation. However, it comes with no license, warranty, or guarantee of any kind. That being said, you can still ask any questions
in the Comments
section below, or contact me
directly for assistance.
Be the first to post a comment about PersonalDKIM!