Verifying email identities of senders, digital signature and what else?

Posted on 2014-08-15
Last Modified: 2014-08-19
I'm trying to find any technology method to verify outgoing emails to recipients. For example, when I send an email asking for credit card information to a client, I include a sort of mechanism or certificate and the recipient verifies the email is actually from me.
After doing some research, I think it's possible to do using a digital ID with Outlook. When I include my digital ID, the recipient sees the little icon at the top right of the message, which includes my digital certificate. But this works only with Outlook; both sender and recipient have to have Outlook. I sent the same email to a Gmail account, and the email comes with an attachment with a '.p7s' extension, which doesn't seem to work.

Is there any way to make my outgoing email so that the recipient can verify the email is from me?

This is something other than spoofing emails. For example:

my email address is and I have been communicating with a recipient for a long time. One day, some bad guy jumps in and creates an email address (notice 'n') and tries to steal some information from the recipient by email. In order to prevent this, I guess I have to establish some sort of mutually agreed mechanism to verify in/out emails with the recipient. One way I looked into was the digital ID which is provided with Outlook (Tools/TrustCenter/Email Security). But this works only with recipients using Outlook.
Question by:crcsupport
    LVL 5

    Assisted Solution

    by:Sean Jackson
    You can get a client or mail certificate, which will be sent out like your Digital ID is right now.  It will 'sign' your emails, but the recipient needs to be using a client that can read those things.  Gmail, Yahoo, and the like cannot.  Outlook, Thunderbird, etc.

    You're looking for integrity in your emails, and that's the best way to do it.  What's even better is if you are communicating with a user and they also have a mail certificate, you can begin encrypting your email back and forth.  

    Typically a user is not going to check for the little icon that says it's you when they get an email, so your scenario of the bad guy sending an email is more often than not going to fool them.  But they'll be able to verify that your emails truly come from you, not a third party ne'er do good.
    LVL 25

    Assisted Solution

    if you can afford to send keys to your recipients and have them do a little setup, pgp (and a few alternatives such as gpg) is available in most mail clients and some webmail.

    but then this is quite a hassle for the end user.
    LVL 25

    Accepted Solution

    also note that what produces the .p7s is smime which is NOT a microsoft project and hence can be used and configured in most mail clients including thunderbird (since many years before it made its way into outlook)

    have a look at this nice doc with screenshots (old but it has not really changed since, more complex than what you are looking for but both are configured using that same interface)
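
An added example, not part of the original thread or any poster's code: it inspects the MIME structure of an S/MIME message to show where the `.p7s` file mentioned above comes from and whether the body is still readable in a client without S/MIME support. The sample message, addresses and function name are constructed for illustration, and the script checks structure only, not signature validity.

```python
from email import message_from_string, policy

# Constructed sample of a clear-signed S/MIME message. The signature body is
# a placeholder (base64 of "PLACEHOLDER"), not a real PKCS#7 structure.
SAMPLE = """\
From: sender@example.com
To: client@example.org
Subject: Order confirmation
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Please call us to confirm the order.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

UExBQ0VIT0xERVI=
--b1--
"""

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def describe_smime(raw):
    """Report how a message carries S/MIME data (structure only, no crypto)."""
    msg = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype in OPAQUE_TYPES:
        # The content sits inside the CMS blob (signed-data or enveloped-data),
        # so a client without S/MIME support cannot display the body at all.
        return {"format": "opaque", "readable_without_smime": False,
                "smime_type": msg.get_param("smime-type")}
    if ctype != "multipart/signed":
        return {"format": "unsigned", "readable_without_smime": True}
    parts = list(msg.iter_parts())
    if len(parts) != 2 or parts[1].get_content_type() not in SIG_TYPES:
        return {"format": "malformed", "readable_without_smime": False}
    body, sig = parts
    return {"format": "clear-signed",
            "readable_without_smime": True,  # part 1 is ordinary MIME
            "micalg": msg.get_param("micalg"),
            "body_type": body.get_content_type(),
            "signature_file": sig.get_filename(),  # listed as an attachment
            "signature_bytes": len(sig.get_payload(decode=True))}
```

A `clear-signed` result means the second MIME part is the detached signature; deciding whether it is valid and which certificate produced it still requires an S/MIME-capable client or CMS library.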
    LVL 1

    Author Comment

    I guess I have to approach this with a different look. Having a digital certificate set up with the recipient seems not practical for communication with clients having various mail clients.
    I would have our staff set up their own procedures on how to request/obtain sensitive information.

    Thank you all, great information.
    LVL 25

    Expert Comment

    sorry i'm unsure there is actually a good solution that does not provide hassle for the clients. maybe cert authentication in browsers is easier to set up. providing your own mail service is obviously an option but i wonder how many clients only use webmails and will neglect to check

    note that anyway, sending credit card information by mail is crazily unsafe if the mails are not encrypted even if they have the proper recipient.

    you may wish to set up a procedure involving a phone call and let your clients know about this procedure so they do not answer further email. if you have some kind of changing data pertaining to the user, it may be possible to include that piece of data in your communications and let them know.

    feel free to post details, and possible solutions
