From: Chuck Swiger
Date: Wed, 25 Apr 2007 10:54:57 -0700
To: David Southwell
Cc: freebsd-questions@freebsd.org
Subject: Re: Digital signed mail- certificate issuing

On Apr 25, 2007, at 9:10 AM, David Southwell wrote:
> Can anyone please tell me the simplest way I can issue my customers a means of
> digitally signing emails they transmit to us via our server. I need the
> chosen method to be compatible with most popular email clients and popular
> webmail services.

The most commonly used solution for this is PGP (aka GnuPG, OpenPGP, etc.). It's somewhat intrusive, but it is reasonably well supported by most clients. It can be used with webmail services using a local client to sign and/or encrypt the message before pasting it into the webmail's send form.

Another less commonly used alternative is known as S/MIME. It doesn't work well with webmail, and some MUA clients have problems with it, too.

> Every customer has their identity and email addresses stored on our mysql
> database.
>
> Essentially my target is, as far as possible, to ensure that emails
> purporting to come from my customers are indeed from them and no one else.

You're never going to be able to prevent someone from forging emails which claim to be from a client.

You might be able to convince motivated clients to always use PGP/GnuPG for signing mail, so that forgeries can be readily identified by someone knowledgeable, but be aware that most normal computer users have significant problems dealing with PGP.

-- 
-Chuck
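
The sign-locally-then-paste workflow mentioned in the reply, together with the check the receiving side would run, as an added example that is not part of the original message. The customer address, key, message text and the throwaway keyring under /tmp are all constructed for the demo; it assumes GnuPG 2.1 or later is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Address and message are constructed.
GNUPGHOME=$(mktemp -d /tmp/gpgdemo.XXXXXX) && export GNUPGHOME  # throwaway keyring
CUSTOMER='customer@example.com'

make_demo_key() {   # customer side, once; empty passphrase only for this demo
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "Demo Customer <$CUSTOMER>" default default never
}

clearsign() {       # customer side: $1 = text file; writes $1.asc to paste into webmail
    gpg --batch --quiet --yes --local-user "$CUSTOMER" --output "$1.asc" --clearsign "$1"
}

verify_from() {     # receiving side: $1 = pasted text, $2 = address on the customer record
    # A good signature is not enough: the signing key must also carry that address.
    # Assumes the keyring holds only keys you have confirmed with each customer.
    status=$(gpg --batch --status-fd 1 --verify "$1" 2>/dev/null) || return 1
    fpr=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $3; exit }')
    [ -n "$fpr" ] || return 1
    gpg --batch --with-colons --list-keys "$fpr" \
        | awk -F: '$1 == "uid" { print $10 }' | grep -qF "<$2>"
}

make_demo_key
printf 'Please ship order 1001 to my usual address.\n' > "$GNUPGHOME/order.txt"
clearsign "$GNUPGHOME/order.txt"
# Same signed text with one word altered after signing (constructed forgery).
sed 's/usual/new/' "$GNUPGHOME/order.txt.asc" > "$GNUPGHOME/forged.asc"

for f in order.txt.asc forged.asc; do
    if verify_from "$GNUPGHOME/$f" "$CUSTOMER"; then
        echo "$f: signed by $CUSTOMER"
    else
        echo "$f: REJECTED"
    fi
done
```

Unsigned mail still arrives as before, so the receiving side has to treat anything that fails `verify_from` as unauthenticated rather than assume signing prevents forgery.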