Image of the glider from the Game of Life by John Conway
Skip to content

Why I Cryptographically Sign My Email

Yesterday, I received a disturbing phone call. Someone very close to me, call him John, might lose his job, because a slanderous, offensive email was sent with forged headers, claiming to be John. John certainly did not send the mail, and those close to John know that the tone of the mail does not seem like something John would send. The email made its way to John's boss, human resources, IT, and other departments. The director of IT said that whoever sent the email, will get fired. Hopefully, they understand the principle of innocent until proven guilty, and all that John has to do, is cast reasonable doubt that he sent the mail. Examining the mail headers should deliver that doubt. I've told John that I would be willing to examine the headers, along with his IT department, to help in any way I can. Hopefully, this ends well.

I've never known anyone personally that this has happened to, until now. But, I've been cryptographically signing my email since 2004. Every single one. I have almost 10,000 emails in my Sent folder, all of which are signed. Further, I think I've been very clear to my friends and family, that it is their responsibility to verify the signature. Should they receive an email claiming to come from me, they should doubt the authenticity of the mail if it is not signed.

Of course, this does not prove anything about future email. I may wish to stop signing my mail at anytime. But, all I need to do is cast reasonable doubt that I sent the mail. A back history of over 7 years and 10,000 cryptographically signed emails should cast enough reasonable doubt as to the message is question, should I be placed in that situation. Along with anyone being able to forge email headers, it's all over. Unless you can clearly, logically, and rationally prove that I sent the mail, there is enough doubt surrounding it, that I remain innocent.

I know others don't see email the same way I do, and treat their email experience differently, such as John. And in all reality, if setting up OpenPGP or S/MIME wasn't such a major PITA, it might be more widely used. But for the time being, all I can do is continue to lead by example. For me, the 15 minutes it took for initial setup, and having to provide a passphrase every time I wish to send an email, is peanuts compared to threats, such as this. Of course, if the organization John worked for required S/MIME on their email (I've worked for one such organization that made this requirement), then it would be clear that the mail was a fake.

UPDATE: Turns out that this organization has a utility to send messages to anyone in the organization. It's not email, but some custom, proprietary application. Further, it requires no authentication. Anyone can send messages to anyone pretending to be whoever they wish.

{ 6 } Comments

  1. spindritf | February 14, 2012 at 2:58 pm | Permalink

    A one-in-a-million event is not really a very compelling reason to change one's mailing habits. Especially since the company surely employs some authorization on their mail servers and will not be fooled by forged headers.

  2. nemoinis | February 14, 2012 at 4:33 pm | Permalink

    Your reasoning, that signing your emails will clear you of suspicion on any non-signed email, is flawed.
    One could make the argument that you could send a hurtful unsigned email, then point to your signing record as a sign of innocence.
    Signing is useful to protect the content of your email against later alteration (where a recipient would edit the email to suit their purpose), nothing more. Even then, the recipient could remove all traces of signing in the email, and then it would be your word against theirs, again.

  3. Aaron Toponce | February 14, 2012 at 5:00 pm | Permalink

    spindritf- For the 15 minutes it took me to setup my key and then configure my mail client, is hardly a claim to not use the software, because of a "1 in a million" threat. If we all followed that philosophy, then we wouldn't have best case security practices for software or hardware in general.

    nemoinis- Sure, you can remove the signature after I send the mail, but my Sent folder will still retain the unadulterated copy. The signature contains a date timestamp when it was applied to the message. I can show, beyond a shadow of a doubt, that I signed the message that claims to not have a signature. Further, the point of the archive is not to prove anything. The point is to create reasonable doubt. The burden of proof is on the accuser. Innocent, until proven guilty, not the other way around.

  4. Ricardo N Feliciano | February 15, 2012 at 12:54 am | Permalink

    Although I don't think ecrypted emails are really neccessary, I do agree it's something that can't hurt either, and can help in the future.

    More important then proving you didn't send something, I feel is the ability to verify that the person who send you an email is who they say they are.

    My issue, half the emails I send are from my Android phone. Any suggestions on sending encrypted emails on an Android device?

  5. Ricky | February 16, 2012 at 3:20 pm | Permalink

    The organization should be charged for harassment.

  6. Andy | March 5, 2014 at 7:16 am | Permalink

    Not sure why I post this, but regardless, here is your solution so you can stop using signed mail;

Post a Comment

Your email is never published nor shared.