An obvious solution to signing e-mails using a commonly accepted S/MIME standard is unfortunately not such a method, although it is highly recommended, among others for image-related reasons. The reason for this is simple: not much of such a signature for addressees arises, because the overwhelming majority of them (usually using solutions such as Webmail) will see the signature only in the form of a mysterious additional attachment with an unknown purpose.
On the other hand, providing attachments with a separate signature or electronic seal would be a sufficient and reliable solution, if not for one snag: with the usually used PDF format, when the recipient will use the commonly available Adobe Reader program and determine if and by whom such an attachment is signed, his computer may already be infected with malware. In addition, Adobe Reader provides the user with a lot of irrelevant for him information about the signature, badly translated and for the layman completely incomprehensible, which may cause customers’ anxiety and unnecessary increase in the load of units such as the Telephone Customer Service Office.
The company offers an effective solution to the problem described above: it consists in providing customers with a safe and easy-to-use service, that allows for reliable verification of the authenticity of the attachments they receive. This may for example look for the recipient like as follows:
Caution: the address of the service can not be included in the message in the form of an active HTML link and the addressee must be aware that the authentic e-mail from a given sender never contains such links.
At the address of the service (available only through a secure, encrypted connection), the user will be asked to select the file to be checked. After the verification of the file, either a confirmation of its authenticity and integrity will be displayed, or a clear and emphatic warning about its opening and ask for permission to download it for detailed study.
Our company has developed several variants of this service, including those enabling the verification of unsigned or encrypted attachments (encryption is recommended e.g. in banking applications – see GDPR, Article 32 or 34). Implementation may require, for example, integration with a system for mass sending of documents. In particular, this can not be avoided when sending unsigned documents.