IT is beginning the process of sending S/MIME digitally signed email messages from automated systems that need to send email to users.
This will allow you to verify the authenticity of the email message and know that it did indeed come from Rice and is not some phishing or hacking attempt.
Currently, only messages from firstname.lastname@example.org are going to be digitally signed. These messages will appear to be from the user Automated Email and the certificate will be issued by InCommon Standard Assurance Client CA.
The full certificate chain will look like this:
S/MIME stands for Secure/Multipurpose Internet Mail Extensions and is a standard for public key encryption and signing of MIME data (an email message). What it allows you to do is two things:
When you receive an email from the email address email@example.com, if it has been digitally signed, you can be assured that it was sent from Rice. If you receive mail from the address firstname.lastname@example.org, but it is not digitally signed, it could be a fake, forgery or phishing attempt.
This varies by the mail client that you are using, though every mail client will do it similarly. In general, they will all put some indicator in or around the header of the mail message to indicate that the message has been digitally signed and that the signature is valid or invalid.
Various mail clients:
Other mail clients also allow you to verify the signature but it is slightly different for each one. Please contact your DivRep or the IT Help Desk to learn how to verify this signature in your mail client.
Currently there is no way to verify a digital signature in Google Mail. Please use Webmail or real mail client to verify the authenticity of the digitally signed messages. We are investigating options with Gmail.
In Mac Mail, the digital signature is indicated by the Security header of the message and the presence of the check mark and the word Signed.
If you click on the check mark, you can get more information about the digital signature.
Notice the certificate chain is the same that is printed at the top of this page, that the Expiration date of the certificate has not passed and that there is a green check mark indicating that this certificate is valid.
This allows you to know that this message did come from Rice University IT and is something that you should probably pay attention too.
In Webmail, the digital signature is indicated in the body of the message by the Pad Lock, the word Signed and the yellow box below it.
Clicking on the link "Automated Email (email@example.com)" in the yellow box will display information about the signature.
In iOS Mail, the digital signature is indicated by the presence of the check mark beside the From address.
If you click on the From address , you can get more information about the digital signature.
And then clicking on verify certificate will show you this:
In Thunderbird for Windows mail, the digital signature is indicated by the presence of an envelope icon with a red seal beside the Date stamp.
Click on the envelope icon to display the certificate message.