Manage Learn to apply best practices and optimize your operations.

How to keep messages secure with an email digital certificate

Using an email digital certificate can help protect important information from being read by anyone except the intended recipient.

I just received an email from a colleague (referring to our malaria relief programs in a number of countries). Strangely, nearly all the country names were removed/deleted from the text. Note that it seems to be only the names of the countries that are interfered with, nothing else. This must have happened while the email was in transit. It's not the first time this has happened. Why do you think this might be happening?
Even though data is missing from your email, if it is not sensitive or of any value, it is unlikely that this is a malicious attack. It could be a formatting problem with one email program not correctly handling or displaying the content received from another email program. To solve this type of problem, you should check your email program's options. For example, if you use Microsoft Outlook, go to Tools, Options and select the Preferences tab. Here you can change the appearance of messages and how they are handled.

If this doesn't solve your problem and you are sure that your emails are being intercepted and interfered with during transit, then you and your colleagues need to use an email digital certificate to sign and encrypt them. This will ensure nobody other than the intended recipient can read them and the recipient will be able to ensure they haven't been tampered with.

A digital certificate comprises a private key that is stored on the sender's computer and a certificate containing the related public key. You can acquire a digital certificate from what's called a Certification Authority (CA), such as VeriSign Inc. VeriSign sells Class 1 Digital IDs for Secure Email for $19.95. These and other digital certificates work with any S/MIME-compliant email clients such as Microsoft Outlook, Outlook Express, Mozilla Thunderbird or Apple Safari.

A digital certificate used for signing and encrypting emails is bound to your validated email address. Recipients of your messages will know they came from your email address and have remained private and unaltered from the time you sent them to the time they are received. A signed email also provides something called non-repudiation, which essentially prevents the sender from denying later on that he/she sent it.

To send your colleague confidential information via email, you'll need a copy of their digital certificate, which is fairly straightforward to obtain. When anyone sends you a digitally signed message, their email application attaches their digital certificate containing their public key to the message. This is done so that the recipient can verify the sender's signature and confirm that the message was not altered. Once your colleague has sent you a signed email, you can save his certificate onto your computer and use his public key to encrypt messages back to him, and vice versa. Your encrypted message will be unreadable to anyone but your colleague. For instructions on how to digitally sign and encrypt an email message using various email programs, there are some good VeriSign step-by-step guides on email encryption.

Of course, be sure to consider the security of your information once it has been emailed to your colleague. Once it is decrypted and read by the recipient, it can be copied or printed without limit, so always consider the nature and sensitivity of an email's contents before sending it. You must also protect the private key associated with your digital certificate, as this is literally the key to your digital identity.

This was last published in July 2010

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.