How do you do it?

Posted on August 14, 2014 • 3 min read • 500 words

All approaches to registered email are far from being straightforward solutions, are very limited on what can and cannot be done, or either both. Why should eEvidence be different?

The eEvidence method was not designed as an alternative to regular email communications, but as a simple way to secure your ordinary emails. It is for you to judge whether we have succeeded.

This is how it works

There are several articles within these FAQs in which we provide further details about each specific topic. For the basics, this is how we do it:

  1. We receive the email. The registration process begins as soon as we receive your email, whether sent by you to someone else or sent to you by someone else. Yes, that's right: we can register both the emails you send as well as the ones you receive. In either case, you are the only one that will know about it.

  2. The hash. Unique hashes are calculated for the original email and for each digital file attached to the email. On the basis that different files will never return the same hash, the hash is often called the (digital) fingerprint of a given file. You can learn more about hash functions here and here.

  3. We deliver the email. We do nothing other email servers wouldn't do when delivering emails to the intended recipient. We connect to the recipient's mail server, we deliver the email and we record the transmission details. Whether you are the intended recipient or someone else's is, it doesn't make any difference.

  4. We generate and deliver the evidence to you. If successfully delivered, we then build the eEvid.Cert evidence: this is, a PDF file that contains the relevant header information from the email, names and hashes of all related files and the information recorded on delivery. A copy of your original email is also encapsulated as an attachment to the PDF file. Once completed, the PDF evidence is digitally signed, granting its integrity, and delivered to you.

On average, the whole process doesn't take more than a few seconds.

So what?

Each individual hash represents a piece of the email's content puzzle. On the basis that two different documents cannot generate the same hash, the hash of a given file equates to the file itself.

For the emails you send, by delivering the email to the recipient's mail server, we prove it was accepted at destination. We decline to demonstrate it was opened and read by the recipient; it really isn't that relevant and there's actually no reasonable way to prove such a thing.

For the emails sent to you, we prove beyond doubt that the email came from the sender's legitimate mail server.

The digital signature grants that the eEvid.Cert content has not changed since the signature was applied. By including a time stamp in the Daily Report of evidences, we define the time at which that content already existed. If a hash existed on a given date, the file it was obtained -your email- must also have existed on that date.

Ultimately, we prove WHAT the email contained, WHO the sender and the recipient were and WHEN it was sent and delivered.