Connect with us

Hi, what are you looking for?

News

We’ve revised our SMIME email security standard

SMIME

SMIME Email Security Revised: Following challenges around support inconsistencies and a mobile shortfall with SMIME, the SigniFlow development team has taken the decision to change the default email policy for cloud and hybrid servers.

As of 1 October 2021, SigniFlow’s default email security will subscribe to the DMARC authentication standard, in lieu of SMIME.

The change in mail standard is based on SigniFlow’s core design priority, i.e. security. Since inception, security has been the driving factor behind all SigniFlow system changes and development decisions.

In recent months in particular, SMIME has become a cumbersome process for many of our clients’ document recipients. Specifically, because SMIME is not widely introduced on mobile devices, messages on these devices end up being displayed as attachments, as opposed to the intended format.

The screenshot below illustrates this issue:

Similarly, with many organisations having introduced email scanning services like Mimecast, the scanning and flagging of emails effectively breaks the signature and shows the email as being tampered with.

The screenshot below illustrates this issue:

Introducing DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical standard that helps protect email senders and recipients from advanced threats that can be the source of an email data breach. DMARC email security provides a way for domain owners to outline their authentication practices and specify the actions to be taken when an email fails authentication. DMARC also provides a way for recipients to report on email that fails authentication.

DMARC benefits businesses by providing another layer of protection that guards against attacks like impersonation fraud, where an attacker uses a legitimate domain to send a fraudulent message.

How will it work going forward?

As of October 2021, mails will no longer be signed with SMIME certificates by default. Instead, SigniFlow will be adopting SPF, DKIM and DMARC records to ensure email origination can be validated by receiving mail servers.

SMIME signing of emails will still be available as a feature, and can be enabled on request for hybrid server clients.

For more information, read Agari’s email security blog HERE, or this LinkedIn article by cybersecurity professional, Marnix Dekker, HERE.

REFERENCES

  1. Mimecast: What is DMARC
  2. LinkedIn: https://www.linkedin.com/pulse/stop-asking-encrypted-email-marnix-dekker/
  3. Agari.com: https://www.agari.com/email-security-blog/dmarc-101-part-smime-spf-dkim/

You May Also Like

Electronic Signatures

Reducing paperwork in hospital or clinic administration is a strategic shift that every health administrator should champion.   Whether you’re buried in patient files,...

Electronic Signatures

Why eSign solutions matter in the medical sector  An eSign solution for the medical sector is no longer just a digital upgrade—it’s an essential...

Electronic Signatures

Administration is the beating heart of education, but when a private school is drowning in paperwork, it can’t function efficiently. Just ask Thandi, the...

Electronic Signatures

Digitise TVET college admin, that’s what every admin manager in South Africa at a TVET (or FET) college dreams of when they’re buried under...

Electronic Signatures

In a remote-first world, IT Managers are expected to deliver seamless, secure, and legally compliant solutions across borders. One key question they face is:...

Electronic Signatures

Compliance is a tough nut to crack. But there are ways of making it much easier. Because efficiency and accuracy are so important in...

Electronic Signatures

When it comes to capturing patient data and signing electronically, healthcare providers must ensure that their data retention and eSignatures are POPIA-compliant. Getting this...

Electronic Signatures

For IT Managers, enabling secure and efficient eSign workflows across distributed teams is non-negotiable. As remote work continues to rise, finding the right eSign...

Electronic Signatures

If your healthcare organisation handles medical prescriptions at scale—across hospitals, clinics, or pharmacy networks—you’ve likely asked: Are digital signatures legally valid for medical prescriptions?...

Electronic Signatures

Understanding the difference between digital and electronic signatures is crucial for businesses navigating today’s digital landscape. The difference between digital and electronic signatures lies...

Copyright © 2023 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.