Digital Certificate Advice


I need to ensure that clients know that an email we send to them has actually come from our email server and has not been "spoofed" from another compromised email server.  I assume I need to digitally sign all emails that go out of our exchange 2003 server at a domain name level if possible.  I cant seem to find the right certificates to do this job as the Digital Signatures seem to be personal and not company wide / enterprise level.  Do you have any suggestions for the best way to achieve my goals?  I am happy to look at other third party products if required.

Who is Participating?
lamaslanyConnect With a Mentor Commented:
I hope you are prepared for a lot of work!  :)

If I were to do this I would set up an internal public key infrastructure and distrubute the root certificate to the clients' that needed it.  

Or are you looking to avoid the root certificate distribution issue?  If so you may be able to get your PKI it cross-signed by a trusted third party (one of the big one's that most OS/browsers trust).
cloughsAuthor Commented:
Yes well I dont want to have to give out keys to all the clients that we email, an easy to use ongoing solution would be the best.  Is it not a common thing to do then for large companies to sign their emails etc?
lamaslanyConnect With a Mentor Commented:
Not that I've seen.

Two that you might want to take a look at:

If you want to dispense with the in-house PKI you could look into managed services.
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
Digital signatures need to match the email address they are sent from, not the server.  If you are looking for a server gated solution, you might find  what you are looking for with PGP by adding a hash or something, but I have a feeling you will probably still fall short of what you are looking for.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.