Using digital IDs to sign or encrypt Windows Mail messages

Digital IDs, sometimes referred to as certificates, allow recipients to verify that an e‑mail was actually sent by you. It's very easy to forge e‑mail return addresses, and using a digital ID helps a recipient know that a message actually came from you. Also, when traveling across the Internet, standard e‑mail messages are the digital equivalent of postcards—they can be read, or even altered, along the way. Digital IDs can be used to encrypt messages, hiding their contents, and they indicate whether a message has been altered in transit to the recipient.

In many businesses, your system administrator will provide you with a digital ID. To obtain a digital ID for personal use, you'll need to obtain one from a certification authority, which is an organization that offers digital IDs.

Typical unencrypted e‑mail messages are sent across the Internet in a plain text format, and as they travel to their recipients, they can potentially be read by prying individuals or automated programs. Encrypted messages are messages signed with a digital ID that are sent in a scrambled format that can only be read by your recipient. However, both the sender and recipient must have copies of each other's digital ID to be able to send and read encrypted messages.

While composing an e‑mail message, click the Tools menu, and then click Digitally Sign.

Your message will be sent using your digital ID.

While composing a message, click the Tools menu, and then click Encrypt.

Note

Before sending an encrypted message, you must have a digital ID in Windows Contacts for each intended recipient. If you need a digital ID for your recipient, have your recipient send you a digitally signed message. Whenever you receive a digitally signed e‑mail message, Windows Mail automatically adds the sender's digital ID to your Windows Contacts.

You can read a digitally signed message the same way you would read any other message. To provide further assistance, Windows Mail displays a help screen the first time you open or preview a digitally signed message.

After you send a digitally signed message to a contact, you can read an encrypted message from that person the same way you would read any other message. To provide further assistance, Windows Mail displays a help screen the first time you open or preview an encrypted message.

If you receive a secure message that has a problem (for example, the message was tampered with or the digital ID of the sender is expired), you will see a security warning that details the problem before you are allowed to view the contents of the message. Based on the information in the warning, you can decide whether to view the message.

If you read a digitally signed message while connected to the Internet, Windows Mail will verify the validity of the message by requesting information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination. To view the validity status of a digital ID while reading a message, click the File menu, click Properties, and then click the Security tab.

Digital IDs used by Windows Mail are stored in Windows Contacts. Whenever you receive a digitally signed e‑mail message, Windows Mail automatically adds the sender's digital ID to your Windows Contacts. In some circumstances, you may want to manually add a digital ID to a contact. For example, if the contact listed in the e‑mail message doesn't exactly match the name of the existing contact in Windows Contacts, the digital ID will be stored in a new contact instead of being associated with the existing contact.