Signing your email is a good way to make it authentic. It helps to establish trust between sender and recipient. Be warned that your signature can be forged: someone else may try to impersonate you. Digital signatures were created to confirm the sender's identity and make it much harder to fake. During the encryption process, the sender includes a short message, usually a hash of the email, and encrypts it using his private key. Only the corresponding public key can verify the authenticity of the email.

When you receive and open an email, a request is made in the background to our server to retrieve the sender's public key. After that, you may verify the authenticity of the email.

The signature process is an important step in protecting recipients from spam and hackers. We have all received fake emails from PayPal and eBay asking us to log in so that our passwords can be stolen; some of us have even lost money because of it. Sometimes it is difficult to tell whether an email is legitimate or forged. SCRYPTmail has made this process a little more friendly.

At the moment we can only verify authenticity if both the sender and recipient are using our service. In the future we will add compatibility with other services, and the ability to verify manually if you provide the sender's public key.

There are a few messages you will see in SCRYPTmail:

Signature verified

We successfully verified the sender's signature.
You can exchange confidential information if you know the sender.

Signature can not be verified

This message shows that we don't have the public key to verify the signature.
It's OK to have a non-private conversation, but refrain from exchanging confidential data.
There are a few possible reasons for this:

  • The sender is using a third-party service and we don't have the public key.
  • The sender deleted his account with us after he sent this email.

Signature mismatch

Warning: Pay extra attention to this email. We tried to verify the sender, but our system has a different public key.
There is a very high chance of fraudulent activity. Do not exchange any private information. Make sure you verify the source of the email.

Reasons why this happened:

  • The sender changed his public key after he sent this email. Our advice is to contact this person before responding. Do not click reply. Compose a new email to the sender using the address from your contact list, or contact him by phone.
  • The email body was tampered with.
  • A hacker tried to forge the sender's email address. Due to end-to-end encryption, there is a slight chance that a hacker can insert a fake email address into the From field.

If you see this warning and the sender asks you to provide confidential data, there is a high chance that a hacker is trying to steal your information.
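
The following is an added example, not SCRYPTmail's own code, showing how a recipient-side check can arrive at each of the three messages above and which of the listed reasons produces which message. The signature algorithm (RSA with SHA-256), the in-memory key directory, the function names and the sample addresses are all assumptions made for illustration.

```javascript
// Added example, not SCRYPTmail's code. RSA/SHA-256 and all names are assumptions.
const crypto = require('node:crypto');

// Hypothetical stand-in for the server-side directory of sender public keys.
const keyDirectory = new Map();

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Bytes covered by the signature: From address plus body, so neither can change alone.
const signedBytes = (email) => Buffer.from(`${email.from}\n${email.body}`, 'utf8');

// Sender side: hash the email with SHA-256 and sign the hash with the private key.
function signEmail(from, body, privateKey) {
  const email = { from, body };
  email.signature = crypto.sign('sha256', signedBytes(email), privateKey);
  return email;
}

// Recipient side: look up the key registered for the From address and map the
// outcome onto the three messages described on this page.
function checkSignature(email) {
  const publicKey = keyDirectory.get(email.from);
  if (!publicKey) return 'Signature can not be verified';
  const ok = crypto.verify('sha256', signedBytes(email), publicKey, email.signature);
  return ok ? 'Signature verified' : 'Signature mismatch';
}

// Constructed scenarios, one per reason listed on this page.
function runScenarios() {
  const alice = newKeyPair();
  const mallory = newKeyPair();
  keyDirectory.clear();
  keyDirectory.set('alice@example.test', alice.publicKey);
  const results = {};

  const genuine = signEmail('alice@example.test', 'Lunch at noon?', alice.privateKey);
  results.genuine = checkSignature(genuine);
  results.tampered = checkSignature({ ...genuine, body: 'Send me your password' });
  results.forgedFrom = checkSignature(
    signEmail('alice@example.test', 'Send me your password', mallory.privateKey));
  results.thirdParty = checkSignature(
    signEmail('carol@elsewhere.test', 'Hello', mallory.privateKey));

  keyDirectory.set('alice@example.test', newKeyPair().publicKey); // key changed after sending
  results.keyChanged = checkSignature(genuine);
  keyDirectory.delete('alice@example.test'); // account deleted after sending
  results.accountDeleted = checkSignature(genuine);
  return results;
}

console.log(runScenarios());
```

A changed key, a tampered body and a forged From address all produce the same mismatch result, which is why the advice above is to contact the sender through a separate channel rather than reply.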