Have you noticed that there is a verified email address badge next to some senders in your inbox? For example – iCloud Mail shows a small stamp with a checkmark, Gmail shows a green shield or circle with a checkmark, while Outlook shows a red ribbon.
These badges of a verified email address, which are visible in most popular email clients, mean that the email has been digitally signed using a certain security protocol, more specifically, S/MIME.
Secure/Multipurpose Internet Mail Extensions is a digital signature that confirms that the sender’s email address was in fact used to send the message by its owner. “Verified email address” means that the sender has been confirmed via a digital signature.
The S/MIME protocol has been in use since around 2004, but it is still fairly unpopular, and not many email users have heard of this security feature. Mainly fintech or the financial sector, e.g. banks or lending companies, choose to use the certificate in their emails. This applies mostly to all transactional messages and those containing sensitive data – these in addition to the signing, are also often encrypted. Employees of various companies very often decide on signing messages with the mentioned certificate in their business mailboxes. Since it is issued on the basis of an ID and employment confirmation, you can be sure that no one outside the company can get such a certificate for an e-mail address on your domain.
An email certificate is like a two-part digital key (consisting of a public and private key) that is associated with your email address. By using a certificate to sign an email, the recipient will know that only the person with the original certificate and private key could have sent it. The public key is used to transmit an identifier – it contains details of the certificate authority, and may also include additional information about the identity of its owner or the company they work for.
Theoretically, each person can create their own certificate to prove that they are the given email address’ owner. However, this is where Certificate Authorities (CA) comes into action. These are institutions that issue different types of certificates – e.g. SSL certificates for encrypting websites or VMCs for displaying BIMI. There are relatively few such Root CAs – all are widely recognized by businesses around the world as trustworthy and secure.
If the mail client notes the presence of an incorrect certificate or issued by one of the non-approved CAs, the message will be marked “Untrusted Signature” with the following (or similar sounding) message:
Mail was unable to verify the authenticity of the S/MIME certificate provided by “sender name and address”. Messages signed by this user may come from another source.
The certificate can be purchased directly from the Certification Authorities mentioned above or from a retailer. A list of CAs approved by Google is available here:
(HERE).
It should not matter which provider you choose. What does matter is which email client you use to send emails – e.g. Outlook, iCloud Mail, etc. Most web-based services – such as Gmail (not counting Google Workspace), do not allow you to add certificates to emails when sending, but if you use e.g. Outlook to send emails from a sender in the Gmail domain, then certificates will work.
You can also use S/MIME for mailings sent through EmailLabs. The self-purchased certificate must be forwarded to us in a secure way (via SFTP) so that we can deploy it on our sending servers. Adding and maintaining a certificate is possible starting from the PRO Plan – ask our Sales Support for details.
If you decide to purchase and implement S/MIME then please note that certificates have a specific expiry date after which they must be renewed. The certification authority can also revoke (cancel) a certificate before its expiry date e.g. in case of false certification or suspicious sendings.
The recipient of the message does not have to do anything special to make the badge visible – certificates are supported by default by many popular email clients. As mentioned in the introduction – the badge will be presented differently depending on the email client you are using.
The following graphics show examples of how a digitally signed message will look.
For a recipient receiving e-mail from their iCloud account on an Apple device
For a recipient receiving e-mail from Gmail on an Android device
In the web service
For a recipient receiving mail from Outlook
Thanks to S/MIME the recipient can be sure that the message comes from the sender, whose e-mail address was indicated in the from field. However, be aware that anyone can buy such a certificate for their e-mail address and then use it illegally. Phishing or Spoofing are some of the most popular methods of fraud on the Internet, which use the sending of e-mails deceptively similar to those we receive every day from known senders. This is often done from the same or a slightly different domain. This is why it is so important that S/MIME itself is complementary to other authentication methods – such as SPF, DKIM, DMARC, and the fairly new standard – BIMI. In addition, it is very important to apply the principle of limited trust to received emails. If you are not sure about their credibility, contact the sender through another channel – e.g. by phone.
Would you like to know more? Contact our Customer Service Team
Antispam, Best practices, BIMI
The AuthIndicators Working Group (BIMI Group) recently announced that Apple systems such as iOS 16, iPadOS 16, and macOS Ventura will support BIMI starting this fall. Thus, the infographic showing...
Email marketing communication needs to be properly handled to be effective. Apart from technical matters, building positive subscriber engagement with email communication is very crucial. Nowadays, consumers feel overwhelmed...
RBL is a dynamic, real-time list of IP addresses that are active spammers (intentional actions) or accidental sources of spam. A blacklist based on domain names is called a...
Have you noticed that there is a verified email address badge next to some senders in your inbox? For example – iCloud Mail shows a small stamp with a...
An ESP (Email Service Provider) is a software-based service for email distribution, often based on its servers, optimized for high (mass) traffic. Many of them enable integration with CRM...
Best practices, Deliverability
What is email deliverability? While talking to eCommerce store owners, marketing specialists, or reading various reports on email communication, you may often get the impression that the main criteria...
This article was created in cooperation with CyberFolks, a provider of hosting services for thousands of customers in Poland, helping users to choose and purchase a domain name....
EmailLabs initially will handle Bloomreach (formerly Exponea) emails for Polish e-commerce and retail clients, soon to expand to other CEE countries. ‘We choose EmailLabs for its high email deliverability’....
Vercom, to which EmailLabs belongs, is a European company, fully compliant with the provisions of GDPR and based solely on its own servers located in CEE. We provide our...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
From September 20th, 2021, Apple users may enjoy new operating systems for mobile devices. This, of course, refers to iOS 15 and iPadOS 15. The company has prepared several...
This year, Black Friday falls on November 26th while Cyber Monday on November 29th. So it seems that there are 7 weeks left to prepare well for the battle...
We are happy to announce that we have positively completed the BIMI certification process. By implementing the new security standard we are able to protect ourselves even more against...
The ISO certificate confirms that our organisation has been certified in compliance with the standards, practices and policies to handle information security. It contains rules for establishing, maintaining and...