Home>FAQ>Email Encryption and Signature Services FAQs

Email Encryption and Signature Services FAQs

  • 1. My company has adopted a VPN to ensure the security of email communications, do I still need to encrypt emails?


    Yes, it is needed. Many companies have adopted internal and external network email forwarding. They use VpN as a security technical measure for employees who works remotely to connect to the internal network mail server to send and receive emails. However, currently, these measures are not seemed to be far enough to meet the needs on mobile office or remote office that have been popularized and widely used. More importantly, the VPN connection can only ensure that the information transmission is encrypted between users’ devices and their companies email servers, which can ensure the security of mail transmission, but when the confidential emails are sent out of the mail server to other mail servers, the emails are in cleartext, the confidential information can still not be guaranteed.

    The most reliable solution is that the email is encrypted into ciphertext from the time it is sent, so that there is no need to use a cumbersome VPN, and the enterprise does not need to build and maintain the mail server by themselves, and they can use the cloud mail server instead. The entire encryption of the email guarantees the security of the transmission process and also guarantees emails store on the cloud mail server are safe.

  • 2. What are the special innovations in MeSign APP’s user interface design?


    Auto-encrypting every email, auto-attaching a digital identity on every email, and auto-timestamping every outgoing email are the advantages of MeSign APP, so we highlight these points in the design of the user interface to let the user know clearly whether the received email is encrypted, has a digital signature, has a timestamp and whether the sender's authentic identity has been validated, and which level of validation. If the email has been signed or been encrypted, you can check which certificate is used to sign and which certificate is used for encryption. This important information is clearly displayed on the user interface.

    MeSign not only automates email encryption, but also makes encryption transparent and non-inductive, allowing users to clearly understand and be confident that emails are encrypted and to know the certificates used for encrypting the emails. At the same time, it is very easy for users to know the authentic identity of the sender of the email, so it is easy for them to identify the fake and fraudulent email at a glance.

    Please also refer to the Instructions to MeSign APP UI Icon for detailed instructions.

  • 3. What is MeSign Global Public Key Certificate Database (CDB)?


    The reason why MeSign APP users can send S/MIME encrypted emails without exchanging public keys in advance is that MeSign has built and has been maintaining a public key database. MeSign APP can search the receiver’s public key of the encrypting certificates in the CerDB automatically when users type the receiver’s email address, and users do not need to exchange the public keys to the receivers in advance. Therefore, CerDB makes users to send encrypted email as easy as sending cleartext emails. Users do not need to care what is public keys and how to exchange the public keys, so it greatly reduces the threshold of users to sending encrypted emails.

    The CerDB, we call it "MeSign Global Public Key Certificate Database". It is because we open this public key database to all Internet users worldwide. Users can query the public key database to retrieve the public key of an email address or submit their own or the other people’s public key to this public key database, so that all kinds of software that requires the user’s public key, such as other email client software, can encrypt emails without exchanging the public keys in advance manually, which will definitely promote the rapid development and popularization of “S/MIME email only” and truly achieved full-scale encryption to protect the confidential information of the Internet users.

  • 4. Why all service providers should send encrypted emails to its users?


    Reason One: The email sent from your system to your subscribers contains lots of important confidential information, so only encryption can make sure the security of the confidential information. The leakage of the confidential information of your subscribers’ will not only make problems and loss for your customers, but also add security risks to your own systems.

    Reason Two: The need on protecting users’ accounts. Nowadays, many Internet service accounts are bound to email address, and normally the usual process for finding forgotten passwords is to send an email to the email address to reset the password. This makes email security critically important, because if the email account password has been compromised, the associated service account password will be illegally modified. However, if the service provider call MeSign e-Mail API to send an encrypted amil to their users, even if the user’s email account password has been compromised, the emails cannot be decrypted under the protection of the encrypting certificate protection password. Therefore, the user’s accounts can stay secure, because the account password or other information cannot be illegally modified.

    So, in order to protect your system and your users’ account security, we strongly recommend you begin to transform the system as soon as possible to send encrypted email to your users, to protect your precious customer resources and important properties.

  • 5. What kind of transformations do we need to make to our existing billing email system to support sending encrypted emails?


    There is no need to change much of your billing email system. You only need to modify the sending email program to support certificate signing and encryption. Firstly, calling the MeSign e-Mail API to retrieve the public keys of the receivers and enable email signing and encryption when sending emails. If you don’t know how to program, please contact us that we will send you the source code examples for free.

  • 6. I believe it is very necessary to send bank statements by encrypted emails. My concerns are that it is not convenient for users to receive encrypted emails, and MeSign APP has not been widely used. Do you think it is the time for sending encrypted bank statement emails?


    If you think it is necessary to send bank statements by encrypted emails, you can set up your email system to send a cleartext emails before sending encrypted email to tell users how to receive the encrypted emails (some banks is doing so). In fact, as long as users install the MeSign APP, they can receive the encrypted emails. There is no threshold for users to use it, and it is not necessary to wait for MeSign APP to be widely used, because, after all, account security and the client privacy should be placed on the first position.

  • 7. MeSign e-Mail API for retrieving public key is open for free, and the organization validated V4 signing certificate is also free. Is there any fee when we use the API?


    The e-Mail API for retrieving public key service is completely free, and every organization will be given away one organization validated V4 signing certificate for digitally signing the bank statement emails.

  • 8. We are sending billing statement email with PDF file. Why do you recommend signing the email digitally? Are there any benefits?


    At present, the emails sent by management systems are cleartext messages and there is no digital signature, which cannot guarantee the security of the confidential information of the email, we recommend sending encrypted email to users. But if you are worried that the user cannot decrypt, it is recommended to send a digitally signed email to users, signing the email with a signing certificate containing a trusted digital identity, so that the user can easily know that this is not a fraudulent and fake email after receiving the signed email.

    In the same time, adding a digital signature on the PDF file can enable users to clearly see the issuer’s name of the billing statement and the statement receiver can ensure the billing statement is not fake bill. Meanwhile, it is an effective way to protect the information from tampering and makes sure that the document has legal force. We recommend using the MeSign Document D-signature service, which automatically digitally signs the electronic bill file and automatically add an Adobe trusted timestamp to ensure the document signing time is trusted. This is a billing statement security measure that has multiple benefits.

  • 9. It is awesome to use encrypted email to replace cleartext SMS to send verification codes, but it requires user to install MeSign APP on their mobile phone. If they haven’t installed MeSign APP, any suggestions?


    The verification code sending system can call MeSign e-Mail API to check whether the user has already used the MeSign APP or not for free. If not, system can send an unencrypted email to the user firstly to tell the user that a more secure verification code sending method will be user, user need to download and install the MeSign APP for receiving the encrypted verification code. Of course, you can also consider sending the verification code to users who already use MeSign APP first, and at the same time to recommend these users who have not used MeSign APP to install the MeSign APP to receive the verification code securely.

  • 10. Can you briefly introduce what are the special advantages when using encrypted emails to replace telephoned customer service?


    There are several issues with telephone customer service. Firstly, it is not easy for users to access to the customer service, because they often needs to wait a long time or fail to get through; secondly, if the user has issues with using the online banking software, and normally a screenshot is required, so the telephone customer service cannot help with this; thirdly, the telephone customer service not only spends expensive telephone charges (especially abroad), but the cost of telephone trunks is also very high.

    But, using MeSign APP to encrypt customer service emails, not only save costs for customer services, but also solve the issues that not enough capacity for users to wait for access and also facilitates users to send screenshots of the banking software or the websites. More importantly, customer service information is encrypted, which can guarantee user's privacy and directly confirm the user's authentic identity at the same time, without additional verification on user's identity.

  • 11. If using digital signed encrypted email to provide online customer service, how can we effectively and accurately bind user’s authentic identity?


    After using MeSign APP for customer service, the user must also use the MeSign APP to ensure that the user can receive encrypted mail and decrypt it normally. At the same time, you can bind the user's identity by binding user’s email address in the identity validation of the business system. Of course, if the application systems have high requirements for identity information, you can require users to apply for MeSign Identity Validation service, so it can ensure the authentic identity of the user and encrypting the confidential information to protect the user's privacy at the same time. It not only guarantees the authenticity of the identity, but also protects the privacy of the user. The communications with the user are encrypted, so that more businesses based on the trusted identity can be carried out, providing users with a wide range of more flexible and convenient services.

  • 12. Is it free to submit public key to MeSign Public Key Certificate Database (CDB)? Is it limited to individuals or is it also open to organizations for batch submission?


    MeSign Public Key Certificate Database is open to individuals and businesses for free. If you want everyone to know the public key of your encrypting certificate, you just submit it online to the CerDB. Please note: If you have already started using MeSign APP, you do not need to submit it, MeSign APP will automatically submit the public key of your encrypting certificate that you have been using.

    If you are an enterprise user - CA or email client software developer or other software developer, please contact us, and you can integrate and submit the public key API interface after completing the identity validation within one working day.

  • 13. Our company has already established our own CA and KM system on premise, so how can MeSign APP be connected to our CA and KM system?


    We will provide you the supported document and the test system. As long as the customized MeSign APP can retrieve the key and certificate successfully from your system, then it means the integration has succeeded. If you only limit your user’s email address by a dedicated domain name, then you don’t need to customize the MeSign APP, and we can do the settings in the MeSign APP to redirect the users with the dedicated domain name email address to retrieve the keys and certificates from the dedicated KM or the dedicated CA.