Outlook and Replying to Digitally Signed Emails

All or at least most email programs that you can install on your computer will allow you to install a security certificate so that you can digitally sign emails.

Digitally signing an email means that a "signature" field, calculated from the content of the email and your certificate, is passed along with the email content. This allows the recipient of the email to tell two things about the email.

  1. That the email was really sent from the email address that it says it came from.
  2. That the email has not been altered by anything since it was sent and therefore says what the sender intended.

With an unsigned email you can't tell either of these things.

While email programs will only receive emails sent to a specific email address that they are configured to retrieve from the internet, they can send from any email address at all. A digital certificate that can be used to sign emails will only be sent to the email address that the certificate is for and so you can only install a certificate for an email address where you can receive emails. The certificate can then only be used to send emails from that address. When you receive a signed email you therefore know that the email address that the email says it came from does really belong to the sender since they would not have been able to obtain the certificate if that address wasn't theirs.

Since the digital signature also contains a calculated value based on the content of the email (the technical term for this is a hash) your email program can perform the same calculation on the email content and compare the result with the hash in the signature. If the two values are not the same then the email content has been changed in between the sender signing it and your receiving it. One possible cause of changes is where you have your antivirus program add a message to the end of emails that says whether it thinks the email contains a virus or not. For this reason you should set up your antivirus to only add messages to emails where the program thinks there is a virus so that it doesn't trigger an alert due to its having tampered with signed emails that don't contain a virus.
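The hash comparison described above can be reproduced with the openssl command line. This is an added example, not part of the original article: it signs a constructed message with a throwaway self-signed certificate, verifies it, then appends a scanner footer the way an antivirus program might and verifies again. The address, file names and message text are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, address and message below is made up.
demo_dir=$(mktemp -d)

make_signed_mail() {
    # Throwaway self-signed certificate standing in for a real email certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sender@example.test" \
        -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
    printf 'The meeting is at 10am on Friday.\n' > "$demo_dir/body.txt"
    # Produces a clear-text message with the signature attached as a second part.
    openssl smime -sign -text -in "$demo_dir/body.txt" \
        -signer "$demo_dir/cert.pem" -inkey "$demo_dir/key.pem" \
        -out "$demo_dir/signed.eml" 2>/dev/null
}

add_scanner_footer() {
    # Simulate an antivirus program appending its note to the message text.
    awk '{ print } /Friday\./ { printf "No virus found in this message.\r\n" }' \
        "$demo_dir/signed.eml" > "$demo_dir/scanned.eml"
}

verify_mail() {
    # Recomputes the hash of the content and compares it with the signed one.
    # -CAfile trusts the throwaway certificate; exit status 0 means they match.
    openssl smime -verify -in "$1" -CAfile "$demo_dir/cert.pem" \
        -out /dev/null 2>/dev/null
}

make_signed_mail
add_scanner_footer
for mail in signed.eml scanned.eml; do
    if verify_mail "$demo_dir/$mail"; then
        echo "$mail: signature valid, content unchanged"
    else
        echo "$mail: verification failed, content was altered after signing"
    fi
done
```

The footer is harmless text, yet the second check fails because the verifier cannot tell a harmless change from a malicious one.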

Installing a digital certificate in your email program also allows you to encrypt the content of your email so that only the intended recipient can read it. You can do this when the email you are replying to is digitally signed, or when you are sending an email to someone from whom you have previously received a digitally signed email.

Digitally signed emails work perfectly well even where the recipient of the email doesn't have a digital certificate, except in Outlook and Outlook Express. The problem in those email programs is that their default for replying to a digitally signed email is to digitally sign the reply. Where a digital certificate is installed the reply will work fine, but if no certificate is installed then the program is unable to sign the email and therefore can't send a digitally signed reply. Other email programs can't send a digitally signed reply in this situation either, but they are smart enough not to try to send a signed reply when there is no certificate to sign it with, while Outlook and Outlook Express set the default incorrectly in that instance. That means you end up being unable to reply to the digitally signed email without first telling your email program not to try to sign the reply.

To be able to reply to a digitally signed email from Outlook or Outlook Express, select the Option button from the Email toolbar to display the Message Options dialog. From there press the Security Settings... button. Make sure that "Add digital signature to this message" is NOT checked, then press OK and then Close. You will now be able to send your reply without your email program giving an error due to its trying to send a digitally signed email when you do not have a certificate installed to sign it with.

Of course, you will then have to repeat this same process every time you want to reply to a digitally signed email. You may find it easier to just download and install a free email digital certificate into your email program so that you can digitally sign those replies, and even digitally sign your own emails where you want the recipient to be able to tell that they really did come from you and haven't been tampered with along the way.


This article written by Stephen Chapman, Felgall Pty Ltd.
