Fake Envelope Sender Address

Thawte’s Trust

I used to advocate for Thawte’s Personal E-mail Certificates program. However, Thawte’s practice of sending verification messages from a non-existent address backfired — many of my friends were not able to enroll in this program because the verification message never arrived. By sending verification messages from a non-existent sender e-mail address, Thawte is effectively excluding many potential users from what would otherwise be a very useful program.

When you decide to enroll in Thawte’s personal digital certificate program, you provide your e-mail address to a web-based enrollment procedure. The enrollment procedure sends out a verification message containing a verification code to the provided address. You then respond with the verification code back to the enrollment web page, thereby validating your e-mail address.

However, the verification message easily gets blocked while travelling over the internet because it looks like spam. In fact, a message with a fake sender address is rightfully regarded as fraud or spam.

The majority of spam messages carry fake sender addresses, which many e-mail servers simply flag, drop, defer, or reject. Nevertheless, Thawte’s personal digital certificate enrollment procedure sends out confirmation messages using a non-existent sender address. This comes as a surprise, as it does not fit Thawte’s mission to reduce “an element of doubt” by providing advanced and secure trust mechanisms for e-mail communication.

In a virtual world there will always be an element of doubt when sending or receiving sensitive information. Thawte realized that successful security on the Internet was all about trust.

Thawte

Bringing this to the attention of Thawte’s customer service, postmaster, and public relations office does not help — they just ignore it.
 
