Read on Twitter
So as I blogged before, the emails contained DKIM information, which the original reporters could and should have verified. So I eventually got a copy of the email and run DKIM verification on it. It passed: https://twitter.com/DailyCaller/status/1322005711837155328
We can still have our fun arguments about whether it's taken out of context, or the exact provenance (harddrive vs. hacking into his account). But we do know the email is valid -- through the power of crypto!!
When you attempt to use your favorite DKIM checker (such as Thunderbird with DKIM Verifier add-on), it'll fail at first. That's because the key is 6 years old and no longer provided by Gmail's DNS servers.
So you search the Internet for "TXT 20120113._domainkey.gmail.com" and you'll find lots of answers what the key was 6 years ago: https://github.com/robertdavidgraham/hunter-dkim/blob/main/20120113._domainkey.gmail.com.-TXT.txt
We do have the little problem that we are getting the signing key not from Gmail, but from other sources on the Internet. But there are so many MANY sources all in agreement.
I created a Github project so that YOU TOO can do the verification. It would be awesome if you were to prove me wrong, that I've made some sort of mistake. https://github.com/robertdavidgraham/hunter-dkim
I mean, by "unquestionably" I mean, "extremely probable". But it's through questioning that we acquire knowledge. It's through questioning unquestioned assumptions that we create new knowledge. So question away.
