[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 31 March 2006, 16:48 GMT 17:48 UK
Click Tips
Rob Freeman
By Rob Freeman
Click tip-ster

Rob Freeman, Click's very own Mr Fixit, troubleshoots your PC problems.

Were you and I to make an appointment to meet up at your local internet café, unless I have got a double, you will know it is really me who turns up, by how I look, and how I talk. Accept no substitute.

Of course I cannot always be there for a transaction that involves me, so the next best thing to prove who I am is a personal signature, still used by banks worldwide as a security measure when I write a cheque.

But, online, how can you tell if an e-mail message you have received is genuine and from the person you think it is from?

Most people cannot; we just trust that it is.

The trouble is that, in almost all cases, sending an e-mail is like sending a postcard. Anyone can read it while it is being delivered.

It is disconcertingly easy for people to send e-mail under someone else's name, a practice known as e-mail spoofing. Take this example from Priyobarta Naorem:

A close friend of mine received a rude e-mail sent from my account, and I don't understand how as I never sent it. We ended up quarrelling as she still thinks that I have been impolite to her. How could someone send an e-mail from my account? My password still remains a secret.

How does your friend know that it was sent from your account? Presumably the e-mail has your name and your e-mail address on it. Well, that is the easiest thing in the world to forge.

If I go into the e-mail accounts section of Outlook Express and change a few settings I can send an e-mail to anyone, and it will arrive looking as though it is from someone else.

They do not need your e-mail password, because they do not need to access your e-mail to send a message that, at first glance, looks like it is from you.

Experienced users can examine all the extra information which comes with an e-mail, called the header information, to tell immediately that the address is not genuine. And most spam filters now, certainly Hotmail and Yahoo, will send an e-mail doctored in this way to the bulk mail area.

But there is a way to sign an electronic message with all the legitimacy of your own personal signature. It is the digital signature, or the Digital ID, and it proves who you are online.

Several companies offer basic digital signatures free for personal use, but these will do nothing more than verify the e-mail address is genuine and the message has not been tampered with, but it does not verify the identity of whoever sent the message. Still, it is a useful start.

The first is from Comodo, and only works if you have Internet Explorer as your browser.

I had more luck with Thawte, and was able to get a certificate emailed to me after going through a 10-minute enrolment process.

Go slowly as there is a lot you need to understand, and remember a good password.

Digital signatures will work with e-mail software like Thunderbird, or Outlook Express, but not webmail systems like Yahoo or Hotmail.

We are a few years away from this, but eventually a digital signatures will be accepted by banks and governments as proof of your identity.

Would you put your trust in it now? Let us know.

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific