Verifying DKIM Signatures From Command Line

I had never felt the need to verify a DomainKeys Identified Mail (DKIM) message myself. Then, some day, I noticed a suspiciously looking message in my Inbox. The Subject was "Hello Baruch". Since I didn't know the sender, I thought it's definitely spam message. I took a quick look at the message body, and then, just before hitting "Delete", I noticed that this is a job offer from Google. Well, at least that what the message text said. I took a second look and then decided to give it a chance. But before I had responded to this offer I wanted to make sure that this email has travelled through Google's servers. This is where DKIM proved useful.

To verify the DKIM signature of an email message, download and install pydkim. If your are a Debian/Ubuntu user just do

apt-get install python-dkim


apt-get install python3-dkim

Save the message in a RFC 822 formatted file and pipe it through the dkimverify script:

dkimverify < email.mbox

If the message is authentic you should see

signature ok

with 0 exit status. Otherwise, the output is

signature verification failed

with exit status of 1.