Digitally Signed Do-Not-Reply Email

From Simson Garfinkel
Jump to navigation Jump to search

Many organizations send email to consumers or employees that directs action. Examples includes:

  • Banks sending mail to customers that their statements are ready for view.
  • e-commerce websites sending special offers and advertisements.
  • Educational organizations sending out notices to students and faculty.

Typically such email is sent with an invalid From: address and with a notation Do not reply to this email; it is sent from an unmonitored mailbox.' For example, here is an email message that I recently received from the Virginia Department of Motor Vehicles telling me that my vehicle registration had to be renewed:

Va-do-not-reply.png

Do-not-reply email frequently directs users to click on a link or take some other form of action. Because the email is sent from an unmonitored mailbox, there is no way for the recipient to verify the email's authenticity other than by following its directions. Such practices make users vulnerable to phishing, spear-phishing, and other kinds of email-based scams.

Digital signatures and digitally signed mail are two technologies that were created in the 1990s specifically to solve this problem. With digital signatures each message is signed so that it's authenticity can be directly verified.

To send digitally signed mail an organization must obtain a certificate for each from: address that they wish to use. Such certificates typically cost $35/year for each from: address. There is no per-recipient or per-message cost, nor any advance planning required on the part of recipients. This is different from encrypted mail, which requires that each intended recipient first obtain a digital certificate.

To verify a digitally signed message users must read their mail with an appropriate mail reader. Today there is support for verifying S/MIME signed messages in the following mail programs:

  • Microsoft Outlook and Outlook Express
  • Apple Mail
  • Mozilla Thunderbird
  • Evolution

Organizations that wish to send digitally signed mail can easily do so using an S/MIME signing proxy. This program automatically signs messages that it receives with an organization's digital certificate. The proxy can be configured to run on an enterprise network or can be limited to a single machine. The S/MIME signing proxy makes it easy to deploy signed email with a legacy email network

Bibliography

  1. LT Andrew Slack, Affects of Digital Authentication for Official Bulk Email, Master's Thesis, Naval Postgraduate School, March 2009
  2. Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., "How To Make Secure Email Easier To Use", CHI 2005: Technology,Safety, Community, Portland, Oregon, April 2-7, 2005. (Acceptance rate: ~25%)
  3. Garfinkel, S., Schiller, J., Nordlander, E., Margrave, D., and Miller, R., "Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce", Ninth International Financial Cryptography and Data Security Conference, February 28-March 3, 2005, Roseau, The Commonwealth of Dominica. (Acceptance rate: 26%, 24/90)
  4. Garfinkel, S. Email-Based Identification and Authentication: An Alternative to PKI?, IEEE Security & Privacy, November/December 2003.
  5. Garfinkel, S. Enabling Email Confidentiality through the use of Opportunistic Encryption", presented at the 2003 National Conference on Digital Government Research, May 2003, Boston, MA. (slides)