How can you be sure that an email has come from who it purports to represent? And how do you stop a received email from being changed? Well, read on…
In searching the Internet, there are many tutorials on how to set up your chosen email software client for digital certificates, but they usually don’t go into why you would want to do this. This is not a setup tutorial; this article discusses the business reasons why you may want to use a digital certificate for sending emails.
Email Assurance
One of the biggest advantages of using an S/MIME certificate, or digitally signed email, is that the recipient knows that you and only you sent this email, and there is a 100% guarantee that it originated from your mailbox. This matters when you are sending an important piece of information: perhaps an invoice requesting payment, a negotiation of contractual terms, or, in our case, a link to genuine software for installation.
Here in Ireland, The Revenue’s Online Service, ROS, routinely sends digitally signed emails in order to assure the recipient that the message was from them, usually asking for submission and payment of taxes.
How to recognise a signed certificate
In the list of new emails in your inbox, you will see a red (or orange) certificate symbol proving authenticity before you open the email. It looks like this.
How does it work
Well, an S/MIME digital email certificate is a form of SSL certificate, similar to the encryption used between you and a website you visit, but instead of identifying the website, it identifies a unique email address using public and private keys.
When your email software receives a digitally signed email containing a hash key (as a hidden attachment), it can check that the email was sent by you by using your email address’s public key to decrypt the hash. Since you are the only person who has the private key needed to create the hash key in the first place, it can only be you who sent the email. This is an important concept, and it gives the recipient confidence that it really was you who sent the email.
Additionally, if the recipient tries to alter your email, say by changing the contract price, they cannot without losing the email’s certification. The email is no longer digitally signed by you, and is then easily identified as a forgery.
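The sign, verify and tamper cycle described above can be reproduced with the openssl command line. This is an added example, not part of the original article; it assumes a throwaway self-signed certificate in place of one bought from a provider, and the address, message and file names are constructed.

```shell
#!/bin/sh
# Added example: sign, verify, tamper, re-verify. All names and values are constructed.

# Create a throwaway self-signed certificate bound to an email address.
# (Assumption: a real S/MIME certificate would be issued by a certificate provider.)
make_identity() {  # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sign with the private key. The default output is multipart/signed: the body
# stays readable and the signature travels as a separate smime.p7s attachment.
sign_mail() {  # $1 = work dir, $2 = plain message, $3 = signed output
    openssl smime -sign -text -in "$2" -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -out "$3" 2>/dev/null
}

# Verify using only the public certificate. Exit status 0 means the signature
# matches the body and the signer chains to the trusted certificate.
verify_mail() {  # $1 = work dir, $2 = signed message
    openssl smime -verify -in "$2" -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'Contract price: EUR 1000\n' > "$d/msg.txt"
    make_identity "$d" && sign_mail "$d" "$d/msg.txt" "$d/signed.eml" || return 1
    # The recipient edits the price but has no private key to re-sign with.
    sed 's/EUR 1000/EUR 9000/' "$d/signed.eml" > "$d/tampered.eml"
    verify_mail "$d" "$d/signed.eml"   && echo "original: signature valid"
    verify_mail "$d" "$d/tampered.eml" || echo "tampered: signature INVALID"
    rm -rf "$d"
}
demo
```

The private key never leaves the sender; the recipient needs only the certificate to run the check.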
Getting an S/MIME Digital Certificate
If you want your clients and suppliers to trust your every email word, then a digital certificate is for you. This is no longer expensive, and the cost varies between providers on the Internet. You need to search for “S/MIME certificates”, which can cost as little as €9 per certificate per year. Some companies offer multi-year discounting.
Your IT support person (or IT support provider) can assist you with the initial creation of the certificate, and once created, the installation is easy. On a scale of 1 (easy) to 5 (difficult), creation, installation, and renewal of the certificate rate as follows…
- Creation: Difficulty 4/5
- Installation: Difficulty 2/5
- Renewal: Difficulty 1/5
Unusual benefits
An unusual benefit is that most spam filters can check the authenticity of your email, and you will pass any anti-spoofing spam email checks that they perform. This doesn’t mean you will get past all spam filters, but it is a considerable benefit when sending invoice attachments and preventing “bounce backs”. Gone are the days of, “Oh, I didn’t get that invoice..!”
Encrypting email between two recipients both with valid S/MIME certificates
If two correspondents both have S/MIME certificates, they can send each other encrypted emails that are unreadable by anyone else. Doing this is actually simple. Send a blank signed email to the other party. They then save you in their contacts. They then do the same and you save them as a contact. Once each address book contains the other party, you can send encrypted emails to each other. To do this, just before clicking “Send”, encrypt the email by clicking the encrypt button in options. See the picture above. The email is then both digitally signed and encrypted.
I hope that you enjoyed this little ramble on why businesses may want to use S/MIME digital certificates in order to secure their emails and give trading partners assurance of the authenticity of their digital systems.