easy way to confirm email validity

Henry Hertz Hobbit hhhobbit at securemecca.net
Thu May 24 20:47:15 CEST 2007


ptr <peter_z_g at yahoo.co.uk> wrote:


> Hi,
>
> I'm looking at easy way for my email recipients to validate
> that email sent from me is actually from me. I was thinking
> about some web way, ie: they could copy and paste email body
> to verify it. Is there some secure provider of such service?
> Are there maybe better ways to do it?

You heard the others answers.  They are all good and valid with
one exception: browser based mail. Looking at your email
address, you CAN slip in the FireGPG plug-in into Firefox:

http://firegpg.tuxfamily.org/

But to use it you need to install GnuPG, create keys, have your
friends create keys, import their public keys and you import
their public keys, etcetera.  FireGPG verifies OR signs (but
not both simultaneously) but it only handles INLINE properly sent
from a POP mail account if the message is signed (no friends
who are using GnuPG in  Evolution or Mac Mail or similar apps
that only do OpenPGP/MIME).  Strangely, it decrypts messages
that are encrypted in OpenPGP/MIME format.  I have only tested
it SENDING from GMail so far (had to bring all my browsers,
email programs and plugins all up to date for valid tests).

I have tested it successfully with GMail (where it works best)
and Yahoo WebMail.  It will NOT work with AOL because you have
to select the text, and they have that stupid pop-up you are
reading the message in that doesn't give you access to the
FireGPG menu.  I have yet to test it with HotMail, but I see no
reason for why it will not also work there.  It is just that
HotMail is a pain to test because I have to wait a LONG time
(sometimes hours) for the message to arrive.  That makes it
very difficult for testing.

I say it works best in GMail.  That is because in it you get
buttons for signing OR encrypting when sending.  However, there
is no reason you can't select and use the FireGPG menu in Yahoo
for example. I am still spelunking it and can give you a fuller
report later on if you want it.  I can say FireGPG is VERY
PROMISING!  Color me impressed.  Just realize it is brand new
and you will have some gotchas, but you can always copy and
paste the message into something else (WinPT on Windows) for
verification.

Can you make your requirements a little more specific?  By specific
I mean what OS you have (Windows, Linux, Mac), what type of mail
(POP / IMAP / WebMail), what everybody else you want this to work
with are using, etc.  X.509 works great in Outlook on Windows for
example, but I don't know how it would work in WebMail. I don't
think it will work at all in WebMail on Linux (haven't checked
for plugins to the browser yet).

HHH




More information about the Gnupg-users mailing list