Sometimes we may want to verify the email address in a mail. That can happen when users ask to unsubscribe from something, for instance.

Here the idea is to do almost the same checks as the ones that would be done if the users unsubscribed themselves.

So here:
  • We need to verify that the mail was sent from the right server
  • We also need to make sure that the person who sent the mail can also receive mails at the same address.
  • We should not verify the person's name, credentials or similar since they are not needed to do the operation anyway.

Handling cases that require checking more data (like people's identity, or whether people sent mails on behalf of organizations) would be too complicated and might even put the person doing the checks in trouble in some cases (we're supposed to respect people's privacy).

How to do the checks manually

To verify the mail, we can first save it to a file, for instance /tmp/Mail.txt.

Then we need to install python-dkim to get the dkimverify command. This is done with the following command:

For Parabola:

$ sudo pacman -S python-dkim

Or for Guix:

$ guix package -i python-dkimpy

Then we can use dkimverify to verify that the DKIM signature matches.

$ cat /tmp/Mail.txt | dkimverify
signature ok

We also need to inspect the mail headers manually to make sure that it was sent by and signed from the right server. For instance if the sender address is , a self hosted domain like shouldn't be the one signing the mail and vice-versa.
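
The header comparison described above can be scripted with the Python standard library. This is an added example, not part of the original page: the function names and the sample headers are constructed, and the comparison is strict (a subdomain counts as a mismatch). It only reads header text, so dkimverify is still needed to check the signature itself.

```python
from email import message_from_string
from email.utils import parseaddr


def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folded headers contain whitespace that is not part of the value.
            tags[name.strip()] = "".join(val.split())
    return tags


def from_domain(msg):
    """Return the domain of the single From: address, lowercased."""
    headers = msg.get_all("From", [])
    if len(headers) != 1:
        raise ValueError("expected exactly one From: header")
    address = parseaddr(headers[0])[1]
    if "@" not in address:
        raise ValueError("no usable address in From: header")
    return address.rsplit("@", 1)[1].lower()


def check_alignment(raw_mail):
    """Return (from_domain, signing_domains, aligned) for a raw mail."""
    msg = message_from_string(raw_mail)
    sender = from_domain(msg)
    signers = [dkim_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    # Strict comparison (assumption): the d= domain must equal the From: domain.
    return sender, signers, sender in signers


# Constructed sample headers; the signature data is a placeholder, not verifiable.
SAMPLE_OK = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=mail;\n"
    "\th=from:to:subject; bh=AAAA=; b=BBBB=\n"
    "From: Alice <alice@example.org>\nTo: list-owner@example.net\n"
    "Subject: unsubscribe\n\nPlease unsubscribe me.\n"
)
SAMPLE_MISMATCH = SAMPLE_OK.replace("d=example.org", "d=selfhosted.example")

if __name__ == "__main__":
    for raw in (SAMPLE_OK, SAMPLE_MISMATCH):
        print(check_alignment(raw))
```
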

And finally we can reply to the mail saying that it's done, so that the person who has access to the mail address has a trace of the unsubscription.

Updated by Denis 'GNUtoo' Carikli 3 months ago · 3 revisions
