Question before I try CSE

I have been wanting to try out CSE for the added security it would give me when sending emails. That much is probably obvious to anyone who uses the product. My question is this however. Will the person receiving the email be able to read it without having CSE on their end? I worry that once my email is sent out encrypted the person on the other end will have trouble reading it. Please clarify this for me.

Hi, Vorpalstar

When you send encrypted e-mail via Comodo SecureEmail (CSE) we have 2 possible scenarios:

  1. You have your recipient’s certificate - in this case this e-mail can be encrypted with usual e-mail Comodo certificate (Personal or Corporate). When your recipient will receive such e-mail he would be able to read it with any mail client that supports encrypted e-mails (Outlook, Outlook Express/Windows Mail, Thunderbird, etc.) if he has his certificate installed (with Private Key).
  2. You have no certificate for your recipient (probably your recipient doesn’t have certificate at all). For this scenario we have Single-Use Certificate feature: CSE generates session certificate and encrypts e-mail with it then uploads it to Comodo server. When your recipient receives such e-mail without CSE installed he will see our CSE e-mail wrapper with original e-mail encrypted in attachment. This e-mail wrapper has detailed instructions how to read this e-mail:
    a) User can download and install CSE and it will order certificate for this user and will install it and will decrypt received e-mail.
    b) User can use our WebReader service - if he doesn’t wish to install CSE (or can’t). In this case user will forward received e-mail to our WebReader e-mail and will receive e-mail with link to decrypted e-mail stored in our secure Comodo web-site (WebReader will receive session certificate from Comodo server and certificate will never left Comodo). User can read his e-mail and can delete it.

I hope I’ve answered your question.
We appreciate any feedback as it can help us to make CSE more user-friendly.
Feel free to ask me any questions about CSE.

Regards, Eugene.

b) User can use our WebReader service - if he doesn't wish to install CSE (or can't). In this case user will forward received e-mail to our WebReader e-mail and will receive e-mail with link to decrypted e-mail stored in our secure Comodo web-site (WebReader will receive session certificate from Comodo server and certificate will never left Comodo). User can read his e-mail and can delete it.

What if an attacker is on the recipient site and intercept the message, then forward it himself to the Webreader ? If he can intercept the original message, he mostly probably can intercept the one sent by Comodo…

Hi bigjim,

We have options:

  1. Don’t allow e-mails to be viewed by WebReader service
  2. Prompt my contacts for a password to read e-mails via WebReader service.

So, You are able to use one of these options for additional security.
In the first case your recipient will need to install CSE and decrypt e-mail with it.
For the second option - you can tell him a password in another way ( or it will be well-known password for both ) and attacker will be unable to read this e-mail.

Feel free to ask me any questions about CSE.

Regards, Eugene