Secure Email Communication (DigitalSignature)

IT is beginning the process of sending S/MIME digitally signed email messages from automated systems that need to send email to users.

This will allow you to verify the authenticity of the email message and know that it did indeed come from Rice and is not some phishing or hacking attempt.

Currently, only messages from no-reply@rice.edu are going to be digitally signed.  These messages will appear to be from the user Automated Email and the certificate will be issued by InCommon Standard Assurance Client CA.

The full certificate chain will look like this:

• AddTrust External CA Root
  • UTN-USERFirst-Client Authentication and Email
    • InCommon Standard Assurance Client CA
      • Automated Email

What is S/MIME?

S/MIME stands for Secure/Multipurpose Internet Mail Extensions and is a standard for public key encryption and signing of MIME data (an email message). What it allows you to do is two things:

1. Ensure to your email recipients that YOU actually sent the email
2. Allows the possibility of sending and/or receiving email encrypted

What does this mean?

When you receive an email from the email address no-reply@rice.edu, if it has been digitally signed, you can be assured that it was sent from Rice.  If you receive mail from the address no-reply@rice.edu, but it is not digitally signed, it could be a fake, forgery or phishing attempt.

How do you know that the message is digitally signed?

This varies by the mail client that  you are using, though every mail client will do it similarly.  In general, they will all put some indicator in or around the header of the mail message to indicate that the message has been digitally signed and that the signature is valid or invalid.

Various mail clients:

• Google Mail (Gmail)
• Mac Mail
• Webmail
• iOS Mail
• Windows Thunderbird

Other mail clients also allow you to verify the signature but it is slightly different for each one.  Please contact your DivRep or the IT Help Desk to learn how to verify this signature in your mail client.

In Google Mail (Gmail)

Currently there is no way to verify a digital signature in Google Mail.  Please use Webmail or real mail client to verify the authenticity of the digitally signed messages.  We are investigating options with Gmail.

In Mac Mail

In Mac Mail, the digital signature is indicated by the Security header of the message and the presence of the check mark and the word Signed.   

If you click on the check mark, you can get more information about the digital signature.

Notice the certificate chain is the same that is printed at the top of this page, that the Expiration date of the certificate has not passed and that there is a green check mark indicating that this certificate is valid.

This allows you to know that this message did come from Rice University IT and is something that  you should probably pay attention too.

In Webmail

In Webmail, the digital signature is indicated in the body of the message by the Pad Lock, the word Signed and the yellow box below it.    

Clicking on the link "Automated Email (no-reply@rice.edu)" in the yellow box will display information about the signature.

In iOS Mail

In iOS Mail, the digital signature is indicated by the presence of the check mark beside the From address.

If you click on the From address , you can get more information about the digital signature.

And then clicking on verify certificate will show you this:

In Windows Thunderbird

In Thunderbird for Windows mail, the digital signature is indicated by the presence of an envelope icon with a red seal beside the Date stamp.

Click on the envelope icon to display the certificate message.