CiviCRM Community Forums (archive)

Hi All,

I'm relatively new to this whole thing, and my knowledge of MySQL and PHP (let alone CiviCRM) is rudimentary, but very functional.

I tried searching for this, but I attribute my lack of success to the limitations of my knowledge of how some of these functions work.

I am interested in researching the possibility of digitally encrypting or digitally signing emails being sent out through CiviMail with a legitimate security certificate from my organization. Is this even possible? Is it something that's worth doing? Is there any gain to doing this?

Currently, I have the option of using sendmail or SMTP to send out emails. I currently use sendmail since it offers the greatest flexibility and doesn't trigger SPAM criteria on the SMTP server - which I'm looking to avoid regardless, and hoping that digitally signing the email would accomplish this.

Additionally, would it be possible to use multiple certificates which would differ from each user the email is being sent from?

Thank you!

Shaya K

I am interested in researching the possibility of digitally encrypting or digitally signing emails being sent out through CiviMail with a legitimate security certificate from my organization.

I don’t have much experience outside of GPG email signing, so all of the below covers that.

In GPG’s case: for signing you need the public key (which you distribute to keyservers) to mention the sender’s email address; for encryption, you need the ability to fetch the addressee’s public key.

Is this even possible?

If you manage to protect your organisation’s private key(s)/certificate(s), then yes.

Is it something that's worth doing? Is there any gain to doing this?

It depends on your use case. There are various benefits to signing. If your users are informed, they may appreciate this (or, in certain cases, require); if you believe you managed to secure your private key and make the users verify the signature, you can be sure the recipient is reading the words you sent (as any man-in-the-middle attack would invalidate the signature); in the future, if anyone accuses you of sending something you didn’t, you can also invalidate that claim (as no-one should be able to sign as you, and non-signed emails are so easy to forge that they can’t be sanely claimed as being sent by anyone in particular).

I assume the benefits of encryption are obvious.

I currently use sendmail since it […] doesn't trigger SPAM criteria on the SMTP server - which I'm looking to avoid regardless, and hoping that digitally signing the email would accomplish this.

In theory, signed emails should be treated as less likely to be spam (especially if the signature’s valid, but I doubt any spam filter would try to validate the signature, it’s a bit too time/power consuming for them). In my experience, though, this works only with probability-based filters that learn – and it works with them only if these filters are able to learn over time that they never got a spam email that was signed.

Of course, as with any anti-spam method, the moment it gets too popular spammers will start signing emails.

Additionally, would it be possible to use multiple certificates which would differ from each user the email is being sent from?

It depends on your implementation (you can always do the signing outside CiviCRM, for example on your SMTP gate…), but it should be possible.

How would anyone suggest I effectively implement digitally signing outgoing emails with the current configuration (sendmail)?

I haven’t tried it, but I’d start with wrapping sendmail in a script that takes the email, signs it and then passes the signed message to the (real) sendmail.