Digital signature solutions for email signing, verification & archiving

Business Need

Emails are an essential business tool these days. However with online identity theft, phishing attacks and a range of other threats end-users are often mislead into trusting bogus emails from reputable firms. Similarly any legitimate emails or attachments can easily be modified by attackers impacting your important business brand as well as reputation! Digitally signing emails and even better signing of attachments is the answer, however deploying signing keys to all your end-users and making it easy for them to use has been difficult so far.

Even more difficult has been the process of verifying signed emails (and attachments) by end-users. Local trust anchors are not always up to date and the verification results windows are confusing for normal end-users on whether the email can be trusted or not.

Ascertia believes it’s much better to do signing and verification operations automatically on the server and handle any errors automatically (e.g. block emails whose digital signatures are not trusted, or send to administrator etc.). Furthermore this greatly simplifies key management and security with a centralised security server, as well as centralised logging, management and control.

Overall in our opinion email is a universal transport but it is a poor choice for sending important data. Email body text should be used for setting a context for the human or automated application. Real trustworthy information should always be sent as an attachment with an appropriate digital signature applied.