Email is highly secure and encrypted providing your email's are on the same or different domains hosted by GEN. but once an email leaves the secure GEN estate and heads out over the internet it can be subject to interception, modification and spoofing. Technologies such as SPF, DKIM and DMARC allow us to majoritively prevent scammers spoofing your email address, but that doesn't mean they can't create a convincing email that 'looks' like it came from your even though the 'from' address is incorrect. There are however technologies to 'sign' digitally an email and for the receipient to conclusively verify that the email was from you, and is unchanged. This technology is called S/MIME (Secure Multipurpose Internet Mail Extension) and allows the body of an email to be encapsulated within a signed block. When the receipient receives the email, their email client software will verify the signature with public key infrastrucutre and verify that the email is unaltered in transit, displaying a warning on issues. Additioally, by both the sender and receipient exchanging their public keys, email's can be completely encrypted and unreadable in transit, but this feature is rarely used in reality.
We have been using S/MIME for the last decade, and strongly recommend it to any business who is serious about protecting their emails and promoting trust. All Certificates have the following basic features, higher certificates include increased verification and information as well as features.
- Automated Validation
- Digital Signatures for Nonrepudiation
- Certificate Displays Name and Email Address
- Mutual SSL/TLS Client Authentication Capable
- Helps Prevent Email Tampering and Phishing Emails
- Uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Protocol
- Encrypted Emails Using Highest Strength
- Unlimited Reissuances and Key Pairs
- RSA and ECC Supported
- 30 Day Unconditional Refund
There are three flavours of S/MIME protection with increasing levels of certification
The Personal Email Certificate allows digitally signed and encrypted emails to be exchanged between any number of recipients including group threads. The Personal Basic Certificate is intended to protect a single email address with no additional identifying information.
The Personal Pro Email Certificate allows digitally signed and encrypted emails to be exchanged between any number of recipients including group threads. Signed emails also display the signer’s first and last name for improved identification of who’s really sending the email.
The Business Email Certificate allows digitally signed and encrypted emails to be exchanged between any number of recipients including group threads. Signed emails also display the signer’s name and company information for improved identification of who’s really sending the email. The Business Certificate is intended to protect a single email address along with the sender’s name and company identifying information.
How does a S/MIME Signed Email look to the receipient
In Thunderbird (below), a digitally signed message is shown with a sealed envelope, and clicking on the envelope provides the following dialogue. In Apple Mail on Iphone or iPad (right) you can clearly see that the sender is certified with a trusted certificate, and the sender's name will appear with a blue tick next to it.