I used to advocate for Thawte’s free personal e-mail certificate program. However, Thawte’s practice of sending verification messages from a non-existent address backfired — many of my friends were not able to enroll in this program because the verification message never arrived.
The majority of spam messages carry fake sender addresses, and many e-mail servers simply flag, drop, defer, or reject such messages. Nevertheless, Thawte’s enrollment procedure for personal digital certificates sends out confirmation messages using a non-existent sender address. This is surprising, because it does not fit Thawte’s mission to reduce “an element of doubt” by providing advanced and secure trust mechanisms for e-mail communication.
In a virtual world there will always be an element of doubt when sending or receiving sensitive information. Thawte realized that successful security on the Internet was all about trust.
Thawte
When a potential user decides to enroll in Thawte’s personal digital certificate program, the user provides his or her e-mail address to a web-based enrollment procedure. The enrollment procedure then sends a verification message, which contains a verification code, to the user-provided address. The user then enters the verification code on the enrollment web page, thus validating his or her e-mail address.
However, the verification message is easily blocked on its way to the recipient because it looks like spam. In fact, a message with a fake sender address is spam. By sending verification messages from a non-existent sender e-mail address, Thawte is effectively excluding many potential users from what would otherwise be a very useful program.