Verifying email identities of senders, digital signature and what else?
I'm trying to find any technology method to verify outgoing emails to recipients. For example, when I send an email asking credit card information to a client, I include a sort of mechanism or certificate and the recipient verifies the email is actually from me.
After doing some research, I think it's possible to do using digital ID with Outlook. When include my digital ID, the recipient sees the little icon on right top of the message which includes my digital ceritificate. But this works only with Outlook, both sender and recipient have to have Outlook. I sent the same email to a gmail, the email comes with an attachment '.p7s' extension file, which seems it doesn't work.
Is there anyway to make my outgoing email so that the recipient can verify the email is from me?
This is something other than spoofing emails. For example;
my email address is myname@domain.com and I have been communicating a recipient for long time. Once day, some bad buy jumps in and created an email address myname@domainn.com (notice 'n') and tried to steal some information from the recipient by email. In order to prevent this, I guess I have to establish some sort of mutually agreed mechanism to verify in/out emails with the recipient. One way I looked into was digital ID which is provided with Outlook(Tools/TrustCenter/
After doing some research, I think it's possible to do using digital ID with Outlook. When include my digital ID, the recipient sees the little icon on right top of the message which includes my digital ceritificate. But this works only with Outlook, both sender and recipient have to have Outlook. I sent the same email to a gmail, the email comes with an attachment '.p7s' extension file, which seems it doesn't work.
Is there anyway to make my outgoing email so that the recipient can verify the email is from me?
This is something other than spoofing emails. For example;
my email address is myname@domain.com and I have been communicating a recipient for long time. Once day, some bad buy jumps in and created an email address myname@domainn.com (notice 'n') and tried to steal some information from the recipient by email. In order to prevent this, I guess I have to establish some sort of mutually agreed mechanism to verify in/out emails with the recipient. One way I looked into was digital ID which is provided with Outlook(Tools/TrustCenter/
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sorry i'm unsure there is actually a good solution that does not provide hassle for the clients. maybe cert authentication in browsers is easier to setup. providing your own mail service is obviously an option but i wonder how many clients only use webmails and will neglect to check
note that anyway, sending credit card information by mail is crazily unsafe if the mails are not encrypted even if they have the proper recipient.
you may wish to setup a procedure involving a phone call and let your clients know about this procedure so they do not answer further email. if you have some kind of changing data pertaining to the user, it may be possible to include that piece of data in your communications and let them know.
feel free to post details, and possible solutions
note that anyway, sending credit card information by mail is crazily unsafe if the mails are not encrypted even if they have the proper recipient.
you may wish to setup a procedure involving a phone call and let your clients know about this procedure so they do not answer further email. if you have some kind of changing data pertaining to the user, it may be possible to include that piece of data in your communications and let them know.
feel free to post details, and possible solutions
ASKER
I would have our staffs to setup their own procedures on how to request/obtain sensitive information.
Thank you all, great information.