Possible to use Gmail DKIM Signature to find when email was really sent?
Posted on 2011-09-20
I have recently been forwarded an email which I believe may be a fake.
Due to this I requested full headers to also be sent, which all look legitimate. It's from one Gmail account to another.
However, I noticed in the headers is the encrypted DKIM Signature. Is there a way to decrypt this, as I believe it may contain information about when the email was sent, which may not corroborate with the time stated in the rest of the headers. I believe the email was actually sent one month earlier than the rest of the headers suggest.
Can the DKIM Signature be used for this purpose, and if so, how can I decrypt it? Or if this is simply not possible and I am misunderstanding the purposes of a DKIM Signature, that is an answer too.