Here’s an interesting weekend project if you use Mozilla Thunderbird as your email client – add the DKIM Verifier add-on to ensure the validity of signatures on email messages. The connection to DNSSEC is that the public keys for DKIM are stored in DNS and so DNSSEC ensures that you are getting the correct DKIM keys.
This past week Pier Carlo Chiodi published a great tutorial, “Verifying DKIM signatures on Thunderbird with DNSSEC” that walks through the steps of adding the DKIM Verifier add-on to Thunderbird to verify the signature on the message and validate it all via DNSSEC.
As he notes in his text, this tutorials does the DKIM/DNSSEC validation in the client (Thunderbird) while other solutions might do the validation within the email server itself.
Thanks to Pier Carlo Chiodi for writing this tutorial. This is great to see… now we just need similar tutorials for other email clients!
Note: the image in this article is from Pier Carlo Chiodi’s blog post.