Yes, we can validate the Wikileaks emails via DKIM

alexpmorris (65) in wikileaks • 8 years ago (edited)

Yes, we can validate the Wikileaks emails via DKIM - Many have repeatedly claimed that some of these emails are fake or have been modified, that there's no way to validate each and every one of them as being true. Actually, there is, using a mechanism called DKIM.

DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.

Another question is whether DKIM could be forged if the email server is compromised. At the end of the day anything's possible, but I believe both the sending and receiving server domain private keys would have to be compromised to pull that off. And in this case, the Podesta emails were from google GMail, which is very unlikely to have been a server-level hack.

Full story: http://blog.erratasec.com/2016/10/yes-we-can-validate-wikileaks-emails.html

wikileaks forged emails dkim

8 years ago by alexpmorris (65)

$0.00

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

ausbitbank (73) · 8 years ago

Apparently there are some emails failing DKIM , I've been watching a few private chats where people have been working on checking the full set.

Heres an sqlite db with the results of the checks so far with a warning from its creator

I havent fully vetted it yet, or published the script. But you're more than welcome. Just don't claim it 's 100% verified. It's built using dkimpy and dnspython, fyi. Everything was done using bytestrings to avoid any encoding issues. I let 'email' handle the decoding based on content-type/content-disposition/etc headers.

https://mega.nz/#!n9FBXRya!xYXqlsX0QkMQZiGLZ3qZ26d5hF05iZseg6jJjgd-uDk

$0.00