Is it safe to open 'digitally signed e-mails'?

delgirl

I received a digitally signed e-mail yesterday for the first time - it's work-related, so I don't actually know the person, but it could be legitimate.

Here's the message on the screen in Outlook Express:

"This message has been digitally signed by the sender.

Signed e-mail from others allows you to verify the authenticity of a message -- that the message is from the supposed sender and that it has not been tampered with during transit. Signed mail messages are designated with the signed mail icon.

Any problems with a signed message will be described in a Security Warning which may follow this one. If there are problems, you should consider that the message was tampered with or was not from the supposed sender."


Below this message there's a continue button, which I'm afraid to click on.

Has anyone received a message like this? Is it safe to open?

I'm not able to forward it to anyone to have a look at as the 'Forward' button is 'greyed out', not active.

Thanks
 
Yeah. No problem. Your e-mail application or browser most likely comes with a set of electronic certificates. S/MIME-compliant e-mail applications allow a sender to electronically sign an e-mail, i.e. to encrypt a hash of the message with the public key of one of these certificates. When you get the e-mail, your application uses the corresponding private key to decrypt the hash, thus verifying the electronic signature. If the electronic signature is created using the public key of a certificate not found in your e-mail application or browser, or if the certificate has expired, your e-mail application will ask you if you want to import a new certificate. If this happens, it would be prudent to ask your IT unit if this is permissible depending on your IT security policy. Such ‘electronic signatures’ really do nothing but show you that the e-mail has not been changed since it was transmitted.
 
It is not inherently safe or unsafe.

A digital signature is used to guarantee various things to do with authenticity and origin of the email. It does not cover what is actually in the mail.

In practical terms, if a digitally signed email contained a virus, for example, the original sender couldn't deny they sent it (or say it was changed in transit), precisely because they signed the mail with their signature. As a result, it is less likely that someone would actually send a virus or malware deliberately and then sign it.

You should treat this signed email with the same level of caution as others from this person. The signature can normally be taken as an indication of good intent, but no harm in being as cautious as normal.

z
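
As an added example (not part of any post in this thread): a Python illustration of the point in the reply above, that a signature says nothing about whether the contents are safe. It checks whether a message is laid out as an S/MIME clear-signed mail and lists the attachments that still need scanning; the sample message, addresses and file names are constructed, the function name `triage` is hypothetical, and no cryptographic verification is done here (that is the mail client's job).

```python
from email import message_from_string

# Constructed sample: an S/MIME clear-signed message whose signed body carries
# an executable attachment. "AAAA" is placeholder data, not a real signature.
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="body"

--body
Content-Type: text/plain

Please see the attached file.
--body
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

AAAA
--body--

--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--sig--
"""

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def triage(raw: str) -> dict:
    """Report whether the mail is structured as signed, and what still needs scanning."""
    msg = message_from_string(raw)
    # Structure only: the message claims a detached S/MIME signature.
    signed = (msg.get_content_type() == "multipart/signed"
              and (msg.get_param("protocol") or "").lower() in SIG_TYPES)
    to_scan = []
    for part in msg.walk():
        # Skip containers and the signature blob itself; everything else is content.
        if part.is_multipart() or part.get_content_type() in SIG_TYPES:
            continue
        if part.get_filename():
            to_scan.append(part.get_filename())
    return {"claims_signature": signed, "attachments_to_scan": to_scan}
```

For `SAMPLE` the result shows a signed layout and still lists `invoice.exe` for scanning: the signed part is ordinary MIME content and gets the same handling as in an unsigned mail.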
 
Thanks for your replies - this is the first one I've seen and I'm suspicious about everything these days! :)
 