I am a Comodo SecureEmail user and so is another friend. We both seem to have the product installed correctly and it works well. We exchange signed and encrypted e-mail frequently. Every few days (not the same number of days between incidents) I receive an e-mail from my friend the body of which is quoted below. I have replaced his address and key portions of my e-mail address with xxx for privacy. Those addresses are correct in the actual e-mail. There is also a Comodo logo header and a footer explaining what SecureEmail is. The question is why do I get these e-mails as his certificate is clearly evident when I look at the certificate store AND we routinely, successfully exchange signed and encrypted e-mail? I suspect it may be triggered when I include him in e-mails sent to several correspondents most of whom do not have e-mail certificates let alone SecureEmail and so those e-mails are not encrypted and occasionally not signed as some recipients use web mail (Yahoo and Hotmail) exclusively and so find the unexplained smime.p7m attachment confusing.
My environment: Dual boot Windows 2K and Ubuntu Intrepid Ibis. Thunderbird version 2.0.0.18 (20081105) in Windows and a similarly current version in Ubuntu. These clients are currently independent of each other and share no files for operation. Both are configured for EnigMail with keys having been generated. Both using my Comodo certificate for S/MIME which is my default. Thunderbird is set to handle three different e-mail accounts (family members i.e. wife) in each case and each account has its own certificate. The same certificates are used in Linux and W2K for the same e-mail addresses. W2K has SecureEmail running. It was installed AFTER the certificates were obtained and installed. Finally, I still have Outlook Express 2000 installed and occasionally open it when friends have questions about how something works or looks in OE. OE also shows my friend’s certificate in its certificate store. I do not use OE as my e-mail client and the suspect message arrives far more often than I open OE but I have successfully tested digital signatures and encryption from OE with my friend so I know the certificates are installed effectively in OE.
–BEGIN QUOTE—
Dear gtmikey@xxx.xxx
This is an automated message sent by Comodo SecureEmail on behalf of xxx@xxx.xxx
xxx@xxx.xxx would like you to install their email certificate which is contained in this email. After installing the certificate, you will be able to encrypt any messages you send to frsmcc@mchsi.com
Your installation of Comodo SecureEmail may have already installed this certificate for you. If you are not sure, please see the 'Certificate Update Emails’ section of the application and check which of the following options are selected under 'Other People’s e-mail certificates’.
* Prompt - SecureEmail will generate a pop-up dialog asking you if you want to install the sender's certificate. Clicking 'Yes' will automatically import the certificate into the Window's certificate store.
* Automatic - SecureEmail installs the new certificate automatically. From this point on you can encrypt for that contact using that certificate
* Do not install - You will have to manually import the sender’s email certificate. For more details, please refer to your client documentation
–END QUOTE–
