Best practices, Dobre praktyki, Security
Best practices, Dobre praktyki, Security
Have you noticed that there is a verified email address badge next to some senders in your inbox? For example – iCloud Mail shows a small stamp with a checkmark, Gmail shows a green shield or circle with a checkmark, while Outlook shows a red ribbon.
These badges of a verified email address, which are visible in most popular email clients, mean that the email has been digitally signed using a certain security protocol, more specifically, S/MIME.
Secure/Multipurpose Internet Mail Extensions is a digital signature that confirms that the sender’s email address was in fact used to send the message by its owner. “Verified email address” means that the sender has been confirmed via a digital signature.
The S/MIME protocol has been in use since around 2004, but it is still fairly unpopular, and not many email users have heard of this security feature. Mainly fintech or the financial sector, e.g. banks or lending companies, choose to use the certificate in their emails. This applies mostly to all transactional messages and those containing sensitive data – these in addition to the signing, are also often encrypted. Employees of various companies very often decide on signing messages with the mentioned certificate in their business mailboxes. Since it is issued on the basis of an ID and employment confirmation, you can be sure that no one outside the company can get such a certificate for an e-mail address on your domain.
An email certificate is like a two-part digital key (consisting of a public and private key) that is associated with your email address. By using a certificate to sign an email, the recipient will know that only the person with the original certificate and private key could have sent it. The public key is used to transmit an identifier – it contains details of the certificate authority, and may also include additional information about the identity of its owner or the company they work for.
Theoretically, each person can create their own certificate to prove that they are the given email address’ owner. However, this is where Certificate Authorities (CA) comes into action. These are institutions that issue different types of certificates – e.g. SSL certificates for encrypting websites or VMCs for displaying BIMI. There are relatively few such Root CAs – all are widely recognized by businesses around the world as trustworthy and secure.
If the mail client notes the presence of an incorrect certificate or issued by one of the non-approved CAs, the message will be marked “Untrusted Signature” with the following (or similar sounding) message:
Mail was unable to verify the authenticity of the S/MIME certificate provided by “sender name and address”. Messages signed by this user may come from another source.
The certificate can be purchased directly from the Certification Authorities mentioned above or from a retailer. A list of CAs approved by Google is available here:
(HERE).
It should not matter which provider you choose. What does matter is which email client you use to send emails – e.g. Outlook, iCloud Mail, etc. Most web-based services – such as Gmail (not counting Google Workspace), do not allow you to add certificates to emails when sending, but if you use e.g. Outlook to send emails from a sender in the Gmail domain, then certificates will work.
You can also use S/MIME for mailings sent through EmailLabs. The self-purchased certificate must be forwarded to us in a secure way (via SFTP) so that we can deploy it on our sending servers. Adding and maintaining a certificate is possible starting from the PRO Plan – ask our Sales Support for details.
If you decide to purchase and implement S/MIME then please note that certificates have a specific expiry date after which they must be renewed. The certification authority can also revoke (cancel) a certificate before its expiry date e.g. in case of false certification or suspicious sendings.
The recipient of the message does not have to do anything special to make the badge visible – certificates are supported by default by many popular email clients. As mentioned in the introduction – the badge will be presented differently depending on the email client you are using.
The following graphics show examples of how a digitally signed message will look.
For a recipient receiving e-mail from their iCloud account on an Apple device
For a recipient receiving e-mail from Gmail on an Android device
In the web service
For a recipient receiving mail from Outlook
Thanks to S/MIME the recipient can be sure that the message comes from the sender, whose e-mail address was indicated in the from field. However, be aware that anyone can buy such a certificate for their e-mail address and then use it illegally. Phishing or Spoofing are some of the most popular methods of fraud on the Internet, which use the sending of e-mails deceptively similar to those we receive every day from known senders. This is often done from the same or a slightly different domain. This is why it is so important that S/MIME itself is complementary to other authentication methods – such as SPF, DKIM, DMARC, and the fairly new standard – BIMI. In addition, it is very important to apply the principle of limited trust to received emails. If you are not sure about their credibility, contact the sender through another channel – e.g. by phone.
Would you like to know more? Contact our Customer Service Team
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
What is the darknet? Shrouded in mystery for many years and often associated with ominous connotations, the darknet is a part of the internet that evokes curiosity, fascination, and...
A few weeks ago, at Vercom, we began the process of implementing the NIS2 Directive and preparing to meet the requirements of the Digital Operational Resilience Act (DORA). What...
If you’ve been following our updates, you’re likely aware of the recent changes in email sender requirements introduced by major global providers like Gmail and Yahoo. As of February...
What is the darknet? Shrouded in mystery for many years and often associated with ominous connotations, the darknet is a part of the internet that evokes curiosity, fascination, and...
A few weeks ago, at Vercom, we began the process of implementing the NIS2 Directive and preparing to meet the requirements of the Digital Operational Resilience Act (DORA). What...
If you’ve been following our updates, you’re likely aware of the recent changes in email sender requirements introduced by major global providers like Gmail and Yahoo. As of February...
Have you ever sent an email in haste and immediately wished you hadn’t? It happens more often than we’d like to admit. If you ever find yourself in this...
One safe and easy way to keep track of your digital interactions is to save emails as PDFs. However, do you know the best ways to easily turn your emails into PDF files? In this article, we’ll look into the different ways you can do to turn your emails into accessible PDF files. Let’s start! Key Takeaways To save emails...
Sending large files online can sometimes feel like maneuvering through a maze with unexpected twists and turns. The frustration of hitting attachment size limits or dealing with slow uploads...
Are you a bit baffled by email protocols like IMAP, POP3, and SMTP? Have no fear – this article is here to explain it all. If you have ever...
In 2024, global providers like Gmail and Yahoo have implemented a series of changes, primarily targeting bulk senders. These changes, already in effect, are part of a continuous update...
In the face of dynamic technological advancements and increasingly sophisticated cyber threats, ensuring network security has become crucial. Dozen security incidents present a challenge that we cannot afford to...