Digitally Sign Email

Is there a method in Rails to digitally sign emails sent via
ActionMailer? I was thinking along the lines of hashing the entire
email, body and headers, as well as a salt. Then the hash could be
added to the headers as the email’s signature.

I was thinking this could be a good way to determine if a recipient of
my emails is receiving spoofed emails. If in doubt, they could submit
the email to an online app that would do the necessary hashing to
determine its authenticity.

-pachl

pachl wrote:

Is there a method in Rails to digitally sign emails sent via
ActionMailer? I was thinking along the lines of hashing the entire
email, body and headers, as well as a salt. Then the hash could be
added to the headers as the email’s signature.

I was thinking this could be a good way to determine if a recipient of
my emails is receiving spoofed emails. If in doubt, they could submit
the email to an online app that would do the necessary hashing to
determine its authenticity.

Why reinvent the wheel? Use OpenPGP (GnuPG) or S/MIME. In case you use
the former, ensure your users all trust the public key of your
application. If you decide to use S/MIME, it's even simpler from the
user's point of view to check the validity of the messages. S/MIME is
supported by default in decent e-mail clients and there are OpenPGP
plugins for various of them.


Sava C.
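
The S/MIME route suggested in the reply above, sketched with Ruby's standard `openssl` library as an added example (not code from either poster). The helper names, the self-signed demo certificate, the address and the message body are all constructed for illustration; wiring the signed output into ActionMailer is not shown.

```ruby
require "openssl"

# Constructed throwaway identity. Assumption: a real sender uses a certificate
# issued by a CA that the recipients' mail clients already trust.
def demo_identity(address)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=Demo App/emailAddress=#{address}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Clear-sign a MIME entity: the text stays readable and the signature travels
# as a second MIME part (multipart/signed).
def sign_mail(entity, key, cert)
  p7 = OpenSSL::PKCS7.sign(cert, key, entity, [], OpenSSL::PKCS7::DETACHED)
  OpenSSL::PKCS7.write_smime(p7, entity, OpenSSL::PKCS7::DETACHED)
end

# True only if the signature matches the content and the signer's certificate
# chains to a certificate in the verifier's trust store.
def verify_mail(smime_text, trusted_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_cert)
  OpenSSL::PKCS7.read_smime(smime_text).verify([], store)
rescue OpenSSL::PKCS7::PKCS7Error
  false
end

# Constructed sample message body (a MIME entity with CRLF line endings).
SAMPLE_ENTITY = "Content-Type: text/plain; charset=utf-8\r\n\r\n" \
                "Invoice 1001 is due on Friday.\r\n"

if __FILE__ == $PROGRAM_NAME
  key, cert = demo_identity("noreply@example.test")
  signed = sign_mail(SAMPLE_ENTITY, key, cert)
  puts "genuine:  #{verify_mail(signed, cert)}"
  puts "tampered: #{verify_mail(signed.sub('Invoice 1001', 'Invoice 9999'), cert)}"
end
```

Unlike a salted hash placed in a header, the verifier here needs only the sender's certificate, not a secret. The signature covers the MIME body entity, not outer headers such as From or Subject.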