Digital Certificate Advice

Posted on 2009-04-20
Last Modified: 2012-05-06

I need to ensure that clients know that an email we send to them has actually come from our email server and has not been "spoofed" from another compromised email server.  I assume I need to digitally sign all emails that go out of our exchange 2003 server at a domain name level if possible.  I cant seem to find the right certificates to do this job as the Digital Signatures seem to be personal and not company wide / enterprise level.  Do you have any suggestions for the best way to achieve my goals?  I am happy to look at other third party products if required.

Question by:cloughs
    LVL 19

    Accepted Solution

    I hope you are prepared for a lot of work!  :)

    If I were to do this I would set up an internal public key infrastructure and distrubute the root certificate to the clients' that needed it.  

    Or are you looking to avoid the root certificate distribution issue?  If so you may be able to get your PKI it cross-signed by a trusted third party (one of the big one's that most OS/browsers trust).
    LVL 1

    Author Comment

    Yes well I dont want to have to give out keys to all the clients that we email, an easy to use ongoing solution would be the best.  Is it not a common thing to do then for large companies to sign their emails etc?
    LVL 19

    Assisted Solution

    Not that I've seen.

    Two that you might want to take a look at:

    If you want to dispense with the in-house PKI you could look into managed services.
    LVL 31

    Assisted Solution

    Digital signatures need to match the email address they are sent from, not the server.  If you are looking for a server gated solution, you might find  what you are looking for with PGP by adding a hash or something, but I have a feeling you will probably still fall short of what you are looking for.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
    This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now