{"id":13725802,"url":"https://github.com/associatedpress/verify-dkim","last_synced_at":"2025-05-07T20:34:53.621Z","repository":{"id":72276055,"uuid":"143444244","full_name":"associatedpress/verify-dkim","owner":"associatedpress","description":"Tool to verify DKIM signatures on an mbox of emails","archived":false,"fork":false,"pushed_at":"2018-08-03T15:31:36.000Z","size":2,"stargazers_count":89,"open_issues_count":1,"forks_count":7,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-14T16:44:41.802Z","etag":null,"topics":["dkim","dkim-signature","investigative-journalism","journalism","mbox"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/associatedpress.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-03T15:31:18.000Z","updated_at":"2024-10-22T06:56:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"e0aa487e-ba53-4c53-b435-60007f3580eb","html_url":"https://github.com/associatedpress/verify-dkim","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/associatedpress%2Fverify-dkim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/associatedpress%2Fverify-dkim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/associatedpress%2Fverify-dkim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/associatedpress%2Fverify-dkim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/associatedpress","download_url":"https://codeload.github.com/associatedpress/verify-dkim/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252953718,"owners_count":21830891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dkim","dkim-signature","investigative-journalism","journalism","mbox"],"created_at":"2024-08-03T01:02:35.772Z","updated_at":"2025-05-07T20:34:53.589Z","avatar_url":"https://github.com/associatedpress.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# DKIM verification script #\n\nReporters often need to verify the authenticity of leaked emails, and one\nincreasingly popular technique is to check those emails' [DKIM signatures][],\nas [ProPublica documented so well in 2017][].\n\nThe ProPublica post explains how to do this for individual messages, but for\n[a recent story][], The Associated Press' investigative team needed to verify\nmany emails contained in an [mbox][] archive.\n\n[DKIM signatures]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail\n[ProPublica documented so well in 2017]: https://www.propublica.org/nerds/authenticating-email-using-dkim-and-arc-or-how-we-analyzed-the-kasowitz-emails\n[a recent story]: https://apnews.com/d093a02a3d8a4e1b8dc7f5d19475899b\n[mbox]: https://en.wikipedia.org/wiki/Mbox\n\n## Usage ##\n\n```\n$ ./verify_dkim.sh MBOX_FILE\n```\n\nThis script will create an output directory called `messages-organized`, with\nthe following subdirectories:\n\n*   `messages-organized/unsigned` will contain messages that had no DKIM\n    signature at all.\n\n*   `messages-organized/signed/unverified` will contain messages that had DKIM\n    signatures, but for some reason those signatures could not be verified.\n    (This does not necessarily imply forgery; configurations can change over\n    time, and some emails servers just don't behave particularly well.)\n\n*   `messages-organized/signed/verified` will contain messages that had DKIM\n    signatures that were verified as authentic.\n\nThe script also will produce two other outputs:\n\n*   `messages-split` will be a directory containing all of the original emails,\n    not organized in any particular way.\n\n*   `messages-organized.zip` will be a zipped archive of the\n    `messages-organized` directory, suitable for sending via any appropriate\n    medium.\n\n## Other potential formats ##\n\n*   If you have just one message to verify, follow the instructions in\n    [ProPublica's 2017 post][].\n\n*   If you have a directory of many individual messages, consider editing this\n    script to skip the `git mailsplit` call in the `INITIALIZATION` section.\n\n[ProPublica's 2017 post]: https://www.propublica.org/nerds/authenticating-email-using-dkim-and-arc-or-how-we-analyzed-the-kasowitz-emails\n\n## Dependencies ##\n\n*   [Git][]\n\n*   [dkimpy][] and [dnspython][] Python packages:\n\n    ```\n    $ pip install -r requirements.txt\n    ```\n\n[Git]: https://git-scm.com/\n[dkimpy]: https://launchpad.net/dkimpy\n[dnspython]: http://www.dnspython.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fassociatedpress%2Fverify-dkim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fassociatedpress%2Fverify-dkim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fassociatedpress%2Fverify-dkim/lists"}