Digitally Signed Do-Not-Reply Email

From Simson Garfinkel
Revision as of 11:02, 23 September 2012 by Simson

Many organizations send email to consumers or employees that directs them to take some action. Examples include:

  • Banks sending mail to customers saying that their statements are ready to view.
  • E-commerce websites sending special offers and advertisements.
  • Educational organizations sending out notices to students and faculty.

Typically such email is sent with an invalid From: address and with a notation such as 'Do not reply to this email; it is sent from an unmonitored mailbox.' For example, here is an email message that I recently received from the Virginia Department of Motor Vehicles telling me that my vehicle registration had to be renewed:


Do-not-reply email frequently directs users to click on a link or take some other form of action. Unfortunately, because the email is sent from an unmonitored mailbox, there is no way for the recipient to verify the email's authenticity other than by following its directions. Such practices make users vulnerable to phishing, spear-phishing, and other kinds of email-based scams.