MeSign Forum

SMF - Just Installed!

Recent Posts

Pages: 1 ... 8 9 [10]
MeSign Open Class / Lesson 19 -- Compatible with Other Email Client Software
« Last post by v-fuhaiyan on October 23, 2019, 06:42:02 AM »
On ISC 2018, some users regarded MeSince as a closed system because they think MeSince requires both sides to have MeSince APP installed to send encrypted emails. In fact, this false statement is from those that do not have a S/MIME supported email client.

MeSince complies to the international standard, S/MIME. As displayed in the images below, emails sent from MeSince APP can be deciphered on other S/MIME-supported email clients which include but are not limited to, Outlook (win), Thunderbird (win) and iPhone Mail.

With MeSince, each email has its own identity. This will be added to the theme on our website. The current version of MeSince is focusing on the importance of encryption, but in our point of view, a verified identity is also important. An email from a fake bank will be displayed as dangerous. Google Chrome currently displays “secure” for all websites that are configured with a SSL certificate. Even if it’s a fake website, it displays secure. This is far more harmful to users.

The upcoming version will display the sender’s email, as shown in the snapshot below. Fake bank email sender cannot apply for certificate that can bind email addresses of the real bank. Therefore, given HSBC has their identity information expressly displayed through MeSince, their users can easily tell the difference between real emails from them and those fake.

Therefore, MeSince is the software that addresses the email frauds. This is a extraordinary change to the world, and this, we believe, is a gospel to the Internet users.

MeSince®, lets every email be encrypted to eliminate email leak.
MeSince®, lets every email has an identity to eliminate email fraud.

Therefore, the below are updated to MeSince Manifesto.

MeSince®, the first email client that digitally sign and timestamp every outgoing email automatically as default, provides a technology tool to prevent email fraud. We recommend all Internet users use MeSince® to send all email with digital signature to show email real identity, ensuring that your emails are not impersonated and very easy to identify fake identity emails and fraudulent emails.

We call on all Internet users say "NO" to plain text email and send every email with encryption. We call on all Internet users say "NO" to non-identity email and send every email with digital signature.
MeSign Open Class / Lesson 17 -- Certificate Import and Export
« Last post by v-fuhaiyan on October 23, 2019, 06:38:26 AM »
Above all, this lesson may not be helpful to you because MeSince doesn’t require manual setting for certificate export. Certificate management is all senseless and automatic.
Nearly as soon as a user sets his email account, MeSince installs the default encrypting certificate and signing certificate for him. The user does not need to export, import or backup anything. The encrypting certificate is safely stored in our cloud server. At the first time the user uses MeSince and signs in his account on MeSince, it will be downloaded and installed perfectly.

For those who want to export the certificates, here is the guide.

For MeSince Windows version, encrypting certificates and signing certificates are securely stored in the Windows certificate store. To export your MeSince certificate, just go to Internet Explorer (Internet Options - Content - Certificates - Personal) or MMC (Certificate Management - Current User - Personal) to export your MeSince certificate, the issuing CA name is MeSince V1/V2/V3/V4 Identity CA.

Please note: The certificate protection password you set is only for the exported certificate file. If you forget this password, you can continue to export and set a new protection password. Please do not confuse this password with the certificate protection password you set on the MeSince website if you have set. If you have set the certificate private key protection password on the website, you will be required to enter The Password before exporting the certificate, otherwise it cannot be exported.

MeSince Windows version will automatically install the MeSince Root Certificate to the "Trusted Root Certification Authorities", and the user certificate is also automatically installed in the Windows user certificate store, so Office Outlook users can automatically use the Outlook to encrypt and decrypt email without any settings, just need to choose "signing" and/or "encrypting" when sending email using Outlook.

MeSince Android and iOS version don’t provide the certificate export function. Again, the export and import certificate to other email client is a hard work, no need to waste your time to do that, just use MeSince.

MeSince is an email client based on International standard, S/MIME, which allow users to import their own certificates that are not issued by MeSince. You can send your certificate of its pfx format to yourself via email and then click the attachment and the certificate will be installed automatically. After that, you can set it as your default encrypting certificate and signing certificate. However, the certificate you import may be displayed with “Untrusted by MeSince”. This is because the CA that issued the certificate did not apply for MeSince Certification. While the encryption and signing is not affected, only the UI is slightly different.
MeSign Open Class / Lesson 16 -- Timestamp
« Last post by v-fuhaiyan on October 23, 2019, 06:38:04 AM »
When we go to the post-office to mail or receive something, they must be attached with a postmark. Then why should email be left unstamped? We think this a defect and this is the source of our idea to add a timestamp to every email. We have applied patent for this solution.

When a user click the send button, MeSince will retrieve the time stamp data from the timestamp server of MeSince to attach to the email. The recipient of this email will then be confirmed of the sending time of the email, as the screenshot shows below. Note: there are sources of time, one is the receiving time by the mail server (which is not trusted because mail server time can be modified). The time on the timestamp is a trusted time, which is prevented from forging, tampering and repudiation. It can be used as legal evidence on a court.

In the screenshot below, the mail server time is, 10:52:46, Sept. 17, 2018 and the timestamp time is 10:48:28, Sept 17, 2018. Mail server time is not a trusted time. Normally, there won’t be any issue with the mail server time, but it is wise to take precautions.

Just as a postal mail must be stamped with a postmark, sending an email should also be stamped by a time stamper, and only MeSince has done it for you in the world for free!
MeSign Open Class / Lesson 15 -- Prevent frauds
« Last post by v-fuhaiyan on October 23, 2019, 06:37:22 AM »
Besides automated encryption, MeSince automated the processes of signing and timestamping too. The timestamp and signature, display the real identity information of the sender and the sending time of the email. Recipient can easily confirm the identity of the sender and the sending time, which prevents him from tricks and fraud.

There are chances that some people receive email from a fake bank that may tell him to click a tricky link and enter their bank account and password! This is the most typical phishing. The criminals can get bank accounts and their password by such means to steal money from the real owner of the accounts.

For example, the following two fraud emails sender's email address is using the real bank email address to confuse users since the sender email address can be arbitrarily written and easy to be forged.

As shown in the third picture (Simulation effect), if HSBC Bank signs and/or encrypts the sending emails to the user, the user can easily know that the email was sent by HSBC Bank since MeSince says "Identity Validated and Trusted". It is impossible to obtain the identity certificate of name as HSBC Bank for the fake email address, so it is easy to identify the fraud email. The bank only needs to tell the users that if the email without the digital signature of the bank is a fake email, the user will not be deceived. MeSince lets users to identify fraudulent emails easily.

MeSign Open Class / Lesson 14 -- Email Subject
« Last post by v-fuhaiyan on October 23, 2019, 06:36:38 AM »
According to the international standard, S/MIME, email subject is not encrypted. Those that are encrypted include email content and attachment while email subject is left in plain text. Therefore, please not include any sensitive information in email subject. Some of us may be used to writing core information in email subject, and now we have to give up this habit for information and privacy security. Maybe, you can use 1 ~ 10 in the subject to indicate the degree of importance of a certain email.

Once again, for some of us write long subjects that contain lots of private or confidential information and in the content they write "As the subject writes", please note that email subject is never encrypted under S/MIME standard. We need to keep our email subject out of any confidential or private information. Such habit of writing an email must be abandoned.
MeSign Open Class / Lesson 13 -- Question raised on ISC
« Last post by v-fuhaiyan on October 23, 2019, 06:36:16 AM »
Below are questions raised in Internet Security Conference (ISC), and our answers to them.

User One:
Our group has a user base of 400,000. Such a solution that requires everyone of them to install MeSince to realize the function of encryption, can in no way be approved. Currently we are using customized email system of enterprise supplied by 126 and the like. They are all accessed by web.

Question 1: For enterprise that has a large customer base, it is impractical to ask each one of them to install the APP. Is it possible to develop a batch tool for operation management to simplify downloading, installing and batch management?

Question 2: For company with large number of employees, is it still free for identity validation and employee certificates?

User Two:
The quantity of our employees is tens of thousands, and that amount hasn't counted our communication with the external. It sounds just unpractical to ask everyone of the employees and our customers to install the client software.

Question 3: Our company has more than ten thousands employees, and tons of communications among internal and with external happen every day. It is just not realistic to ask all of them to install the MeSince APP.

A unified answer for the questions is as follow.

First. MeSince is not a closed system but an open one under international email standard, which ensures that it can communicate to other email clients. More importantly, its encryption function is based on international S/MIME standard and the encripting certificate complies to applicable international standards. It can be used to send encrypted emails to communicate with other email clients that supports S/MIME (like, Outlook, Thunderbird and iMail).
MeSince encrypts all emails by default, but if S/MIME encryption is not available to your customers, you can send them unencrypted emails. Of course, for the security of your confidential information, we suggest that you also recommend MeSince to your cooperators to protect business confidentiality together.

Second. It’s not practical to implement email encryption and decipher under web-based. After all, html is limited in functions. Therefore, email client is the best choice. Actually, the installation is quite simple. Visit: and download the correct version. All are one-button operations. After installation, you just need to set your email account. The manager who is in charge of this, is only required to send an email to every employee to tell them to install the APP. If your server supports Exchange, Autodiscover or SRV and etc., MeSince will automate the email account setting without any hassle. If you find that MeSince does not automate the account setting, please make contact to us, and we will add the parameter of your email account into our system for free.
If the email client you are using does not support S/MIME, we recommend you use another one that supports the standard. We would certainly like to recommend you MeSince, to fully automate encryption on your emails. If the email client you are using support S/MIME and you want to encrypt your email, you need to apply a certificate from a CA and send the public key to each of your recipient to enable the encryption, which are all complex. That’s why we recommend you use MeSince to fully automate the process. We believe automated email encryption, from certificate application to public key exchange, is the only effective way to facilitate email encryption. Therefore, we recommend you the product.

Third. Certificate that MeSince deploys automatically, is all free, regardless of the number of your employees. If you apply for V3 or V4 validation (The certificate will display your company name, to prevent fraud), we only charge the fee of the validation, and certificates that will be issued are all free. In a word, there is no limit in the number of certificate issued, regardless of the number of employees or devices.

To sum up, MeSince is standard email client that supports S/MIME, not a closed system. It can be used to send encrypted emails to communicate with other email client, on the condition that other email client supports S/MIME too. If the email client you are using does not support S/MIME, use MeSince soon. For functions you want MeSince to have, please tell us and we will provide them to you.
MeSign Open Class / Lesson 12 -- Send it as an attachment
« Last post by v-fuhaiyan on October 23, 2019, 06:35:16 AM »
Sometimes we need to forward some email as an attachment. For example, when you send an email to someone and he claims that he does not receive it, and to prove that you did send one, you can forward the email as an attachment to him.

On MeSince Android or MeSince iOS, when you press the button of Forward (see the image below), a menu with four options appears, namely, “Reply”, “Reply All”, ”Forward”, ”Forward it as an attachment” and ”Cancel”. You can hit the “Forward it as an attachment” to forward an email completely as an attachment.

On MeSince Windows, there is a slight difference. Simply hit on the button, “Save as” and save the email somewhere, and then you can forward it as an attachment.

Note: If you forward an encrypted email as an attachment, only the original recipient of email being attached can decipher and read it. In the scenario mentioned above, only the one you have sent the original email to can decipher it. That proves the fact that you have sent the email to him.
MeSign Open Class / Lesson 11 -- A Tips Using MeSince
« Last post by v-fuhaiyan on October 23, 2019, 06:34:40 AM »
When reading an email, you may find lots of information taking up much of the page, such as the information about the sender, encryption certificate, signing certificate and Timestamp.
Therefore, there is the button on the top right, press it and the page will be much cleaner to read. Try it? ;)

MeSign Open Class / Lesson 10 -- SPAM Management
« Last post by v-fuhaiyan on October 23, 2019, 06:34:10 AM »
Traditionally, SPAM is handled in mail server or email client by scanning on content of the email. Given that emails are all encrypted on MeSince, this mechanism is no longer available. For the necessity of SPAM preventing, MeSince introduce two mechanisms on the client end.

The mechanisms are based on blacklisting. When receiving SPAM, users are expected to hit the button as shown in the image below to report the sender, and then all later emails sent from the same address will be sorted into SPAM folder. If the email address is reported by many users as spammer, it will be listed in our Cloud-based Blacklist which will be synchronized to each user’s MeSince to prevent them from receiving emails from this spammer.

In case that some email addresses might be misjudged as spammer, there is Whitelist in MeSince APP, where you can list trusted ones. When receiving an email, MeSince checks the Whitelist first. As long as the sender is in Whitelist, the user will receive it in his inbox, whether or not it has been listed in any blacklist.

MeSince also identifies similar sender address according to their styles. MeSince is also planning to develop the email content scanning, which means to scan email content after the email is deciphered, to detect if it is SPAM.
Please report any SPAM when you receive them, which protects you and others from SPAM.
Pages: 1 ... 8 9 [10]