Why it is important to sign E-mails
E-mail works well for business communication all over the globe. But nowadays the internet is a place where more and more malicious actors try to fake the identities of other business parties for their own gain.
Financial fraud, phishing, fake e-mails and spoofing are just some of the attacks that are seen daily in the news.
Red Bull aims to protect itself against this kind of impersonation attempt and is starting to sign outbound mails to prove our identity in E-mail communication with business partners, and encourages them to do the same.
Only if both parties communicate securely can trust be established and compliance be maintained.
What exactly is E-mail signing and what does it look like?
If an E-mail is signed, a part of the digital identity of the sender is attached to the E-mail. This identity was verified and approved by a so-called "Public Certification Authority".
Public Certification Authorities check identity documents and company processes before they issue digital identities to establish trust.
Red Bull uses QuoVadis and Sectigo (formerly Comodo CA) for this purpose. Besides the attached digital identity, the signed E-mail is sealed so that it cannot be tampered with in transit by somebody else.
So in short, E-mail signing:
- Certifies the identity of the E-mail sender
- Certifies that an E-mail was not modified or tampered with in transit
Why is it important to encrypt E-mails?
In addition to E-mail signing, encrypting an E-mail protects it from being read in transit by unauthorized persons. Without encryption, potentially every system that routes an E-mail over the internet can read and extract the message content.
Furthermore, everyone who is able to tap or monitor the internet data flows can do the same. With encryption applied, the E-mail content stays secret until it reaches the recipient.
Every message that needs to be kept confidential should additionally be encrypted. Examples are confidential financial data, relevant business data, contracts, secret recipes, compliance obligations and many more.
Encryption - How does it work?
Unlike E-mail signing, and this is what makes it more complicated, E-mail encryption needs an encryption key exchange first.
The encryption key is part of the digital identity (= certificate) of the intended recipient, to whom you want to send the encrypted message. The intended recipient can transfer his certificate to you directly beforehand (download link, attachment), or he can simply send you a signed E-mail, in which his identity is already included.
After this initial key exchange you can send the intended recipient a secure E-mail message encrypted with his encryption key. After delivery he can then decrypt the message and its content with his personal unlock key.
On the other hand, if you want somebody to send you an encrypted E-mail, you have to transfer your digital identity to him beforehand or send him a signed E-mail so that he has your encryption key. After receiving the encrypted message you can then decrypt it with your personal unlock key.
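The sign, encrypt, decrypt and verify sequence described above can be walked through on the command line. The following is an added example, not part of the original page: it assumes S/MIME certificates and the OpenSSL command-line tool (the page names neither), and `alice` and `bob` are constructed test identities whose self-signed certificates stand in for certificates issued by a public Certification Authority.

```shell
#!/bin/sh
# Added example. alice/bob and their self-signed certificates are constructed
# test identities; real deployments use certificates issued by a public CA.
smime_demo() {
  d=$(mktemp -d) || return 1
  for who in alice bob; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
      -keyout "$d/$who.key" -out "$d/$who.crt" 2>/dev/null || return 1
  done
  printf 'Contract draft v1\n' > "$d/msg.txt"

  # Alice signs with her private key; her certificate is attached to the mail.
  openssl smime -sign -in "$d/msg.txt" -signer "$d/alice.crt" \
    -inkey "$d/alice.key" -out "$d/signed.eml" 2>/dev/null || return 1
  # Alice encrypts to Bob's certificate, which she received beforehand.
  openssl smime -encrypt -aes256 -in "$d/signed.eml" \
    -out "$d/enc.eml" "$d/bob.crt" 2>/dev/null || return 1

  # Bob decrypts with his private ("unlock") key ...
  openssl smime -decrypt -in "$d/enc.eml" -recip "$d/bob.crt" \
    -inkey "$d/bob.key" -out "$d/dec.eml" 2>/dev/null || return 1
  # ... and verifies the signature. -CAfile is the trust anchor; here it is
  # Alice's self-signed certificate instead of a public CA root.
  if openssl smime -verify -in "$d/dec.eml" -CAfile "$d/alice.crt" \
       -out "$d/out.txt" 2>/dev/null &&
     [ "$(tr -d '\r' < "$d/out.txt")" = "Contract draft v1" ]
  then r="verify=ok"; else r="verify=FAILED"; fi

  # A signed mail whose text was altered in transit must fail verification.
  sed 's/draft v1/draft v2/' "$d/signed.eml" > "$d/tampered.eml"
  if openssl smime -verify -in "$d/tampered.eml" -CAfile "$d/alice.crt" \
       -out /dev/null 2>/dev/null
  then r="$r tamper=ACCEPTED"; else r="$r tamper=rejected"; fi

  # Without Bob's private key the encrypted mail cannot be opened.
  if openssl smime -decrypt -in "$d/enc.eml" -recip "$d/alice.crt" \
       -inkey "$d/alice.key" -out /dev/null 2>/dev/null
  then r="$r wrongkey=DECRYPTED"; else r="$r wrongkey=rejected"; fi

  rm -rf "$d"
  echo "$r"
}
smime_demo
```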