Verifying email identities of senders, digital signature and what else?

I'm trying to find any technology method to verify outgoing emails to recipients. For example, when I send an email asking credit card information to a client, I include a sort of mechanism or certificate and the recipient verifies the email is actually from me.
After doing some research, I think it's possible to do using digital ID with Outlook. When include my digital ID, the recipient sees the little icon on right top of the message which includes my digital ceritificate. But this works only with Outlook, both sender and recipient have to have Outlook. I sent the same email to a gmail, the email comes with an attachment '.p7s' extension file, which seems it doesn't work.

Is there anyway to make my outgoing email so that the recipient can verify the email is from me?

This is something other than spoofing emails. For example;

my email address is and I have been communicating a recipient for long time. Once day, some bad buy jumps in and created an email address (notice 'n') and tried to steal some information from the recipient by email. In order to prevent this, I guess I have to establish some sort of mutually agreed mechanism to verify in/out emails with the recipient. One way I looked into was digital ID which is provided with Outlook(Tools/TrustCenter/Email Security). But this works only with recipients using Outlook.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sean JacksonInformation Security AnalystCommented:
You can get a client or mail certificate, which will be sent out like your Digital ID is right now.  It will 'sign' your emails, but the recipient needs to be using a client that can read those things.  Gmail, Yahoo, and the like cannot.  Outlook, Thunderbird, etc.

You're looking for integrity in your emails, and that's the best way to do it.  What's even better is if you are communicating with a user and they also have a mail certificate, you can begin encrypting your email back and forth.  

Typically a user is not going to check for the little icon that says it's you when they get an email, so your scenario of the bad guy sending an email is more often than not going to fool them.  But they'll be able to verify that your emails truly come from you, not a third party ne'er do good.
if you can afford to send keys to your recipients and have them do a little setup, pgp (and a few alternatives such as gpg) is available in most mail clients and some webmail.

but then this is quite a hassle for the end user.
also note that what produces the .p7s is smime which is NOT a microsoft project and hence can be used and configured in most mail client including thunderbird (since many years before it made it's way into outlook)

have a look at this nice doc with screenshots (old but it has not really changed since, more complex than what you are looking for but both are configured using that same interface)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
crcsupportAuthor Commented:
I guess I have to approach with a different look. Having digital certificate set up with recipient seems not practical for communication with clients having various mail clients.
I would have our staffs to setup their own procedures on how to request/obtain sensitive information.

Thank you all, great information.
sorry i'm unsure there is actually a good solution that does not provide hassle for the clients. maybe cert authentication in browsers is easier to setup. providing your own mail service is obviously an option but i wonder how many clients only use webmails and will neglect to check

note that anyway, sending credit card information by mail is crazily unsafe if the mails are not encrypted even if they have the proper recipient.

you may wish to setup a procedure involving a phone call and let your clients know about this procedure so they do not answer further email. if you have some kind of changing data pertaining to the user, it may be possible to include that piece of data in your communications and let them know.

feel free to post details, and possible solutions
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.