Home>FAQ>Email Encryption and Signature Services FAQs

Email Encryption and Signature Services FAQs

  • 1. Email can be encrypted by default without exchanging the public keys in advance, how does MeSign APP get the public key of the receivers’ encrypting certificate?


    If two users are both MeSign users, MeSign has the receiver's public key of the encrypting certificate. Therefore, of course, users do not need to exchange the public key certificate in advance.

    If one of them is not MeSign user, as long as the MeSign Global Public Key Database has the receiver's public key certificate (no matter which CA issued the certificate), MeSign will automatically send the encrypted email to the receiver by using the receiver's public key certificate, and this receiver can decrypt the email by using any mail client software that supports S/MIME encryption, regardless of the receiver uses MeSign APP or not.

    In addition, MeSign supports encrypting outgoing email with multiple certificates, to make sure users can decrypt the encrypted email by using any certificate in hand.

    If users need to send encrypted emails in large quantities can obtain the receiver's public key certificate by calling the MeSign Public Key API.

  • 2. Will the email subject be encrypted? How can I verify the email has already been encrypted?


    According to the S/MIME standard, the email subject will not be encrypted and only the email body (including attachments) will be encrypted. Therefore, it is recommended not to write sensitive information in the subject, the original habit of directly writing the core content of the email in the subject needs to be changed. It is recommended that only to simply mention the email content in the subject, or just write 1-10 to indicate the priority of the email.

    When you receive an encrypted email, you can sign in your mailbox on a browser, and if the email is encrypted, then you cannot read it. The message becomes an attachment (.p7m) or simply can't be displayed. If you view your encrypted messages with other email client software that does not support S/MIME encryption, then it will display "Cannot open the message” or “Cannot decrypt the message". If you use Outlook and have imported your encrypting certificate, Outlook can decrypt your encrypted messages correctly and the encryption properties and the signature properties can be viewed.

  • 3. I received an email with the subject ‘You have an encrypted voice message.’, what is this?


    This represents someone has used MeSign APP to send an encrypted voice message to you, and only you can open to listen it around the world, and it can be permanently encrypted and stored in your mailbox. We think that every voice message or short video from your friends or your family is worth collecting and must be encrypted to protect the privacy. Collecting a voice message or short video from your loved ones will be a permanent asset.

    MeSign APP not only can encrypt all emails, but also can encrypt your voice and video messages. You can tap the recording button on the right side of the subject to record your voice message. This message will be sent as an attachment file to the receiver's email, and only the receivers can open to listen this voice message around the world.

    Now, use MeSign APP to send a sweet voice message to him/her, and only he/she can listen your private message.

  • 4. Can the receiver decrypt the encrypted email that I sent by using other email clients rather than using MeSign APP?


    Yes. If the receiver does not use MeSign APP, MeSign APP can still send encrypted emails to the receivers as long as MeSign APP can receive the digital signature from the sender. If this receiver doesn’t have any encrypting certificate, then MeSign APP will automatically send an unencrypted cleartext email to the receiver to notify the receiver to download and install the MeSign APP to open the encrypted message.

    After the encrypting certificate is installed successfully in MeSign Windows version, you can use this certificate in Outlook to decrypt the encrypted email sent by MeSign APP. For other email client, if you want to decrypt this encrypted email, you need to export and import the encrypting certificate manually. Please note: the free V1 signing certificate and encrypting certificate auto-configured by MeSign APP by default cannot be exported, and only the Global Trusted Vp email certificate can be exported.

  • 5. What do these icons mean?


    These icons appear in the received email sent from MeSign APP (Maximum 4 icons; the email sent from other Email client may only be displayed the icon , indicates this email hasn’t been encrypted). When clicking an icon, a popup sentence will explain to you its meaning. The first icon above means that the email was encrypted, and is not possible to be read by any third party. The second icon indicates that the email has been digitally signed, which ensures that the email has not been tampered in the transmission. The third icon indicates that the sent time of this email is from a trusted timestamp server, which guarantee the authenticity and accuracy of the email sending time. The fourth icon indicates the email sender's validation level is level 1(V1), which means only email is validated.

    When you start to write emails, these four icons are displayed by default. The first one means this email will be sent with encryption. The second icon means the email will be digitally signed to demonstrate the email was truly sent by the sender and if the email has been tampered with, the MeSign APP will display this icon to indicate the receivers the signature is not valid. The third icon means a trusted timestamp signature will be added to the email, and the fourth icon shows your authenticated identity. If it is V1, it means only the email is validated, and if it is V2/V3/V4, it means your identity is validated to related Validation level -- Identity Verified and Trusted.

    Please also refer to the Introduction to MeSign UI for detailed instructions.

  • 6. Sending encrypted email is a default in MeSign APP, but can I choose not to encrypt my email?


    Yes. You can send unencrypted emails, only by clicking on the padlock icons to turn it to grey . Similarly, you can choose not to sign the email by clicking the second icon to turn it to grey . Please note that the identity validation icon, signature icon and timestamp icon are set synchronously, so if you cancel the signing, both the identity validation icon and the timestamp icon will turn into grey too.

    All emails sent by MeSign APP are encrypted by default, because we think that email encryption is significantly important and only by encrypting emails, your private information and confidential information can be protected. However, in consideration of compatibility with other email Client Apps, which do not support digital signature or encryption, MeSign APP supports to set not to encrypt emails or sign emails manually.

  • 7. Why the email sent by the certificate automatically configured by the system is displayed as , and the email sent by the certificate I imported is displayed as ?


    MeSign APP supports users to import their certificates applied from other CA and use it in MeSign APP. However, if the certificate you import is issued from a CA that has not applied the Validation from MeSign, then MeSign cannot identify the validation level of the certificate, so MeSign APP can only display . Please note: such type of certificates can still work normally on signing and encrypting email, only the icon that differs.

    The icon means this certificate is trusted by the operating system, but it has not authenticated by MeSign. Icon means this certificate is not trusted by the operating system and MeSign.

  • 8. Since the email content is all encrypted, does it mean that the mail server no longer needs to deploy an SSL certificate?


    Email content is encrypted, indeed, which prevent email contents from being stolen in the email transmission. However, SSL certificate deployed on the mail server protects your password for logging into your email account. If the mail server does not deployed with an SSL certificate, your password will be transmitted to the server in plain text. It makes other people to steal your email password easily. Once they get your email password, it is possible to get your email encrypting certificate (if you didn’t set up the protection password of your certificate), and decrypt your encrypted emails.

    Therefore, if your email service provider does not have the SSL certificates deployed on their mail server, we suggest you use service from another provider. If it is your own mail server, please apply for an SSL certificate for it as soon as possible.

  • 9. After deployed the full encryption of emails, it is difficult to deal with spam on the mail server side. Does MeSign has any good solutions or suggestions on this?


    Yes, this is a problem indeed. The traditional method of analyzing the content of emails to determine whether they are SPAM, malicious URLs or malicious attachments is no longer applicable. It must be handled by other methods.

    MeSign APP adopts an advanced mode of SPAM and malicious mail scanning by cloud computing and use the 360 Security Technology's sophisticated cloud scanning technology for identifying the malicious emails. If emails are identified as malicious emails (containing malicious attachments and malicious link), then MeSign APP will remind the user to delete this message and the email will be automatically archived in the "MalMail" directory. Please note, we only upload the HASH of the attachment to the 360 Cloud Security Database, protecting the attachment information of our users.

    MeSign uses cloud recognition technology to intercept SPAM, which uses the wisdom and strength of the majority of users. As long as the user reports an email as SPAM, the APP uploads the email address and IP address to the cloud server. The number of the user’s reports determine whether the emails sent from this email address are automatically moved to the trash or directly deleted when other users receive it.

    At the same time, in order to prevent misjudgment, user can add any trusted email address to the address book or whitelist so that even if other users have reported it as SPAM, the user can still normally process the email from the trust list. We firmly believe that your active participation will completely help to eliminate the SPAM.

  • 10. I plan to encrypt all my personal confidential information to my mailbox. What should I do?


    This is a very good choice! Due to each email is encrypted, you can safely send all kinds of confidential information to your own mailbox. Only you can open it, and even the mailbox provider cannot read it. It ensures that all confidential information stored in your own mailbox is more secure than storing in the traditional cloud.

    It is recommended that you create a single folder in your mailbox for archiving your confidential information emails. At the same time, please pay special attention on that you must set the protection password for your encrypting certificate. Then even if somebody has hacked to your mailbox and get your encrypted email, your confidential info will still be safe since nobody knows the protection password of your encrypting certificate.