Digitally signing an email might not be a singular means to a secure end, but it can at least help recipients of your email better trust the missives you send them. Although this isn’t something you (and your recipients) can absolutely count on to ensure what you send actually comes from you and can be trusted, every little thing counts when it comes to security.
Some email clients make digitally signing easier than others. Although Apple products tend to fall under the category of user-friendliness, signing an email in Apple Mail isn’t quite as intuitive as you might think. However, it’s not too challenging.
Let me show you how.
What you’ll need
The only thing you’ll need is a running instance of Apple Mail. I’ll be demonstrating on the latest version of macOS (Big Sur 11.6).
How to create a self-signed certificate
The first thing you’ll need to do is create a self-signed certificate for Apple Mail to use in the signing. To do that, click on Launchpad and type keychain access. When the Keychain Access app appears, click the icon to launch the application.
In the Keychain Access app, click Keychain Access | Certificate Assistant | Create a Certificate. In the resulting window (Figure A), type your name, check the box for Let Me Override Defaults, and click Create.
Walk through the creation wizard, accepting the defaults, until you come to the screen that allows you to enter the email associated with the certificate (Figure B).
This only applies if you have multiple email accounts configured in Apple Mail. If you do, make sure to type the correct email address you want to associate with the certificate. Fill out the rest of the information and click Continue. You can then click Continue (accepting all defaults) until you see the Create button, at which point click it to create the certificate.
When the certificate creation completes, click Done and then close the Keychain Access application.
How to sign an email with the new certificate
Open Apple Mail and click File | New Message. In the composition window, hover your cursor over the From field and a drop-down will appear. Click the drop-down and select the email address associated with the newly-created certificate. On the right side of the composition window, you should see a lock and a blue certificate badge (Figure C), indicating the email is signed.
When you hit Send for the email, you will be prompted to type your user password before the email can be sent. Upon successfully receiving the email, the recipient will be able to view the certificate. They will clearly see the certificate is not valid (because it’s self-signed). To avoid purchasing a certificate from a certificate authority for such an occasion, I often add a non-standard answer to the certificate details, something that I can then share with the recipient, so they know the certificate is definitely mine. For example, when creating the certificate, instead of a company name in the organization field, I might add a song title and then share that information with the recipients, so they can be certain the email has come from me (unless someone broke into my MacBook Pro and sent an email from that specific account).
No, this isn’t foolproof, but it’s a good first step to bring your email to a new level of security. Should you depend on this as your only step? No. But anything is better than nothing. In today’s world of constant hacks and breaches, you need to take every precaution possible.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.