Domain Keys Identified Mail, or DKIM, is a highly regarded email security system that can be used to independently authenticate the contents and sender of an email that uses it.
DKIM was developed and is widely deployed as an email server anti-spam mechanism, including on Gmail.com and HillaryClinton.com. DKIM-enabled mail servers cryptographically sign the emails they relay so that the recipients’ mail servers can authenticate them. DKIM has the beneficial side-effect of causing messages to become “cryptographically non-repudiable”; that is, after the email has been sent, the sender cannot credibly repudiate the message and say that it is a forgery. A DKIM mail server creates a cryptographically strong proof attesting to the authenticity of the email, which it adds to each of the headers of each email it sends. This cryptographic proof can then be tested by anyone who obtains a copy of the email.
In the Podesta email archive, many of the politically significant emails use DKIM authentication, including several contentious emails which some politicians have attempted to repudiate. These mails are, in fact, signed by HillaryClinton.com’s email provider, Google. This authentication is on top of the journalistic validations of the email archive already carried out by WikiLeaks.
For example, an email that DNC Chair Donna Brazile falsely claimed to be “doctored by Russian sources” is in fact validated. Similarly validated is the email referencing a future appointment of Tim Kaine as Vice-President of the United States, which Mr Kaine publicly attempted to allege was fake. Both these emails have been secondarily validated by Google as being sent, with the content exactly as published by WikiLeaks.
You can see on our pages a notice when an email has additional validation through DKIM. What does this mean? It means that the content of the email has been independently verified to be authentic in its entirety and this verification process can be performed by anyone. Most DKIM- authenticated emails are essentially indisputable.
You can see the DKIM signatures on emails that have them by clicking on the “view source” tab and looking at the email’s headers for “DKIM-Signature:”, for example:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to:cc:content-type; bh=LMXa7c2eNKxvY4PrcbVDYCrY8kI1NpfrYq0D1CP9cM0=; b=cGVf2qJhuzMfD3qsH8q9pABcHFE3ll1t/sw8jT3fNJ…..==
Due to the complexities of modern email systems, and the fragility of cryptographic signatures, any formatting or character change to a message or many of its headers, no matter how small, will prevent a message from being validated. As a result, while the proof conveyed by a valid signature is strong (the message is authentic), the failure of the validation process has little meaning. It definitely does not mean the email is invalid, it just has not been positively validated in this way. The reasons vary by message. Many email systems routinely modify mail after it has been sent and before it is delivered, doing such things as adding footers, legal notices and updating certain mail headers or the message’s content encoding. These include thousands of messages from Google Groups and other mailing lists, as well as Google Calendar reminders, and many mails that have been forwarded through one or more systems, including mini mail servers on portable devices, before arriving in Mr Podesta’s Gmail inbox. Some of these types of message do validate, but large numbers of them do not. It is easy to independently verify, using other email collections such as your own inbox, that these types of emails are frequent. Emails with any of the headers “X-Google-Loop”, “Resent-From”, “List-Id”, or “Sender” are disproportionately represented in this group. Keys also change over time or multiple keys may be active at one time due to mail server or DNS (mis)configuration. In some cases, non-validating messages can be made to validate by attempting to guess the suspected formatting or forwarding modifications to the headers or body and reversing them.
For more information, see http://www.dkim.org/ and https://blog.returnpath.com/how-to-explain-dkim-in-plain-english-2/
For weeks now, we’ve seen a steady stream — not just leaks — of information about possible contacts between the Trump campaign and the Russians. This is after the F.B.I. and our intelligence community determined that Russia interfered in the United States election with the aim of electing Donald Trump president.
For the sake of our country, and our democracy, this level of interference calls for a thorough and independent investigation. And that investigation needs to start now.
These malicious attacks were not a momentary cyber intrusion. The attacks were coordinated by a foreign adversary and executed for over a year with devastating results for those of us who were targeted, and ultimately for every American.
The recent spate of revelations shows communications between Trump officials and Russian operatives, conversations between Kremlin officials about their contacts with Trump associates, and information from our allies about meetings between the Trump team and Russian operatives in Europe.
We now know that Attorney General Jeff Sessions met with the Russian ambassador at least twice last year, despite his sworn testimony before Congress that he had no contact with Russian officials during the campaign. But it is not just Mr. Sessions and Michael Flynn (who has resigned over his conversations with the Russians) who have misled officials and the public about the campaign’s contact with Moscow. The Trump campaign and Trump White House – up to and including Mr. Trump himself – have repeatedly claimed there was no contact between the Trump team and Russia during the campaign, which we now know is not true.
Despite all the deeply troubling evidence, the White House continues to insist that “there’s no there there.”
In light of all of this, you would think Republican leaders in Congress would put their country before politics and call for an impartial investigation. Yet even now, the number of congressional Republicans who have come forward to demand a proper, independent investigation by a special prosecutor is embarrassingly small.
As a former presidential campaign manager, I know that the very essence of a campaign is its strategy, the ability to design a winning plan. A winning plan requires research, resources and personnel. Russia’s attacks on the Democratic National Committee during the 2016 election cycle compromised each of these elements.
When I was asked last July to step in temporarily as D.N.C. Chair, I knew things were amiss. The D.N.C. had been hacked, and thousands of staff emails and documents were plastered on various websites. Staff were harassed, morale suffered, and we lost weeks of planning. Donors were harassed, and fundraising fell off.
Then in October, a subsequent release of emails revealed that among the many things I did in my role as a Democratic operative and D.N.C. Vice Chair prior to assuming the interim D.N.C. Chair position was to share potential town hall topics with the Clinton campaign. I had been working behind the scenes to add more town hall events and debates to the primary calendar, and I helped ensure those events included diverse moderators and addressed topics vital to minority communities. My job was to make all our Democratic candidates look good, and I worked closely with both campaigns to make that happen. But sending those emails was a mistake I will forever regret.
By stealing all the DNC’s emails and then selectively releasing those few, the Russians made it look like I was in the tank for Secretary Clinton. Despite the strong, public support I received from top Sanders campaign aides in the wake of those leaks, the media narrative played out just as the Russians had hoped, leaving Sanders supporters understandably angry and sowing division in our ranks. In reality, not only was I not playing favorites, the more competitive and heated the primary got, the harder D.N.C. staff worked to be scrupulously fair and beyond reproach. In all the months the Russians monitored the D.N.C.’s email, they found just a handful of inappropriate emails, with no sign of anyone taking action to disadvantage the Sanders campaign.
But the damage was done. Politics has never been considered a clean sport, but 2016 marked a new low. The D.N.C., a political party committee dedicated in part to defending free and fair elections, was attacked by the Russians while the Republican nominee for president openly encouraged it. This was not a Hollywood movie about rogue spies and super agents. This was real life.
Despite the widely accepted conclusion that Russia launched an unprecedented attack on our democracy, our new President and many in the Republican party are brushing this off. President Trump claims the R.N.C.’s cyber defenses thwarted the Russians’ best efforts to penetrate them, and the D.N.C. has only itself to blame for inadequate security. But this wasn’t a “400-pound hacker” in a basement, as Mr. Trump suggested; this was a foreign military cyber command that also penetrated the White House and the Joint Chiefs. If they did not break in somewhere, it’s not because they couldn’t—it’s because they didn’t want to.
Let me be clear: This is not just the price of politics. This is not normal. We cannot let this stand. Our democratic process itself was attacked and harmed, and all Americans should be concerned.
Senator Chuck Schumer has called for an independent investigation of these attacks. He wants the Deputy Attorney General to appoint a special prosecutor, or, if the Department of Justice refuses, then Congress needs to create a new and improved version of the Independent Counsel Law, giving a three-judge panel the authority to appoint an independent counsel. And while Attorney General Sessions has recused himself from any investigation into contacts between the Trump campaign and the Russian government, the inspector general of the Department of Justice still needs to investigate Mr. Sessions’ own involvement in this matter.
There is still much we don’t know about the methods and specific objectives of the Russian government and others involved in these cyberattacks. Americans deserve to know what happened, and who knew what and when. Without an independent investigation to uncover the truth, these troubling questions will not go away. We also need a 9/11-style independent commission to make sure our country identifies the steps we need to take to prevent similar attacks in the future. We let this happen once, but we must never let it happen again.
Donna Brazile, a Democratic political strategist, is the author of Cooking With Grease: Stirring the Pots in American Politics.