Rated 1 out of 5 stars

About half of the time that I see a green bar, indicating a DNSSEC-validated DKIM signature, it is in error. For example, gmail.com sometimes (but not all the time) triggers the green bar, yet gmail does not have DNSSEC enabled.

Conversely, I see a yellow bar when I know that DNSSEC is enabled and the signature is OK (e.g., my own domain).

I've also seen the red bar when my email server (using open-dkim) has checked the DKIM signature and said both the signature and DNSSEC are good.

The first couple of weeks I was using this add-on, I saw the green, yellow and red bars on the various emails I was receiving and I thought, wow, this is a great add-on.

Only after I checked the validity (compared to what open-dkim) of what this add-on was telling me did I find out that it appeared to be incorrect more than it was correct.

In short, I was drawn in by the changing colors. When I started to check the validity of those changing colors, I found them to be wrong just about as much as they were correct.

Hardly a good performance for security-oriented software.

Need more Information

Unfortunately, the Information you provided is not enough for me to reproduce any of your Problems.
Could you please answer the following Questions, via E-mail to dkim.verifier.addon@gmail.com or by opening a new issue at https://github.com/lieser/dkim_verifier/issues?
Debug output can be enabled in the advanced options, and is then shown in the Error-Console (Ctrl + Shift + J).

"gmail.com sometimes (but not all the time) triggers the green bar, yet gmail does not have DNSSEC enabled."
- I assume you have changed the default resolver to the libunboud one, and in the advanced options changed the option to handle not DNSSEC signed keys as a warning?
- That is shown in the debug output for "DKIM_Verifier.libunbound" and "DKIM_Verifier.DNSWrapper"?

"I see a yellow bar when I know that DNSSEC is enabled and the signature is OK (e.g., my own domain)."
- That is the shown warning message?
- That is shown in the debug output?
It could also help if you could sent me a message with this problem as a save .eml file to dkim.verifier.addon@gmail.com

"red bar when my email server (using open-dkim) has checked the DKIM signature and said both the signature and DNSSEC are good"
- That is the shown error message?
- That is shown in the debug output?
It could also help if you could sent me a message with this problem as a save .eml file to dkim.verifier.addon@gmail.com

Please don't get the following wrong, I am very happy about constructive feedback. But AMO reviews are not the right place for a bug report.
Next time please first use one of the provided Support options (https://github.com/lieser/dkim_verifier/issues, http://forums.mozillazine.org/viewtopic.php?f=48&t=2704121 or by e-mail to dkim.verifier.addon@gmail.com). Thanks.

Strongly recommended Rated 5 out of 5 stars

Great tool, should be a default feature of Thunderbird!

Ez az értékelés a kiegészítő előző verziójához készült (1.3.3). 

Nice but beware the default setup on Ubuntu Rated 4 out of 5 stars

I had to uncheck the "Use OS DNS servers" setting (loosely translated from French) because on my Ubuntu 14.04 the local cache resolver "dnsmasq" does not answer, as I read in the console :

2015-02-05 18:40:21 DKIM_Verifier.JSDNS INFO Resolving 20120113._domainkey.gmail.com TXT by querying 127.0.1.1

2015-02-05 18:40:21 DKIM_Verifier.JSDNS DEBUG 20120113._domainkey.gmail.com/TXT: No answer, no authority to recurse on. DNS lookup failed.

Once I uncheck this, it works.

Ez az értékelés a kiegészítő előző verziójához készült (1.3.1). 

Unfortunately I am unable to reproduce this on my Ubuntu 14.04 installation. If you are interested in trying to find the problem please write an e-mail to dkim.verifier.addon@gmail.com.

Great add-on! Rated 5 out of 5 stars

Works flawlessly.
Nice set of options.
Outstanding personal support from the author.

Ez az értékelés a kiegészítő előző verziójához készült (1.0.5). 

Rated 5 out of 5 stars

Thank you very much for this addon. I searched for this for a long time.

Ez az értékelés a kiegészítő előző verziójához készült (1.0.5). 

Really useful! Rated 5 out of 5 stars

Really useful to debug server configurations and to be more sure about certain emails

Ez az értékelés a kiegészítő előző verziójához készült (1.0.4). 

Rated 5 out of 5 stars

Awesome! Works exactly as advertised. This functionality should be included in Thunderbird by default.

Ez az értékelés a kiegészítő előző verziójához készült (1.0.3). 

Rated 5 out of 5 stars

This is great! As a sysadmin I'm just curious what other domains are using dkim and how. This makes easy to see. I like it even better with the options set to (i) highlighting on, even for unsigned emails (I make 'em pink); (ii) and display-even-when-testing on (many big domains leave testing on, e.g., comcast); (iii) show DKIM header when an email is viewed, so that you affirmatively get a message even for unsigned emails. So I'd move to make those the defaults. Separately, note to the developer since it might be in your skillset, if you created a DMARC filter extension (i.e., send to junk those messages that fail senders DMARC policy) for Thunderbird that would be bomb. It's probably best done by the MTA, but a client side options is always neat to have.

Ez az értékelés a kiegészítő előző verziójához készült (0.6.0). 

Rated 3 out of 5 stars

It wrote:
"DKIM: Message is not an e-mail"

Ez az értékelés a kiegészítő előző verziójához készült (0.4.2). 

Fixed in version 0.4.3

Could you please provide more information, so I can try to fix this?
Best at https://github.com/lieser/dkim_verifier/issues, http://forums.mozillazine.org/viewtopic.php?f=48&t=2704121 or by e-mail to dkim.verifier.addon@gmail.com.

Here some of the Information that would be helpful:
Does this happen with every e-mail, or just one?
If you enable debugging in the options, is there an error message that says “Message is not in correct e-mail format”?
If you now how to, can you look in the profile folder which line ending (LF or CR+LF) is used for the e-mail?
I assume you are using version 0.4.2 of this add-on?

If you have an e-mail without personal information in it, to which this happens, it would also be nice if you could save it (right click and “Save as...”, or in the header “Other Actions” and “Save as...”) and send the file to me, so I can test it my self.
But if you answer all additional questions what appear during testing, it's probably not necessary.

Thanks.

---------------------------------------
Edit:
Problem fixed in version 0.4.3.

Rated 4 out of 5 stars

It works!

Looking forward to a more polished UI. In particular, I'd like it to be visible at all times, and to highlight the "From" email's domain as either green (verified), orange (unsigned) or red (verified-wrong).

Ez az értékelés a kiegészítő előző verziójához készült (0.3.0). 

Your suggestions are added in version 0.4.0. If you don't mind installing a unreviewed version, you can download it already from https://addons.mozilla.org/addon/dkim-verifier/versions/