Done any tricks today? About Email missunderstandings and half-truths (part 3)

Part 3 of our series: "Done any tricks today?“ addresses solutions for ensuring verifiable and secure e-mail correspondence. In addition, we should not forget the EU General Data Protection Regulation. In particular, the reversal of the burden of proof in case of data protection violations (article 5, paragraph 2) should be kept in mind.

Let's ask the following question: how can you provide sufficient proof of e-mail correspondence? Generally speaking, there are 5 key criteria here: WHO wrote WHAT to WHOM, WHEN and WHY.

Registered mail with a return receipt

The post office provides a great example of this: registered post sent with a return receipt already meets 4 of these criteria, namely WHO (sender) sent WHAT (envelope) WHEN (date stamp) HOW (by post) to WHOM (recipient who can confirm this). This is a great start, however the recipient could still claim that the envelope was empty.

Electronic registered mail

RMail lets you transfer all the secure attributes of registered post (including return receipts) to your e-mail correspondence. However, RMail also goes one step further. The proof of delivery contains the encrypted, digitally signed original content. "That is not how I received it," is no longer a valid argument.

But let's break down these details even further:

WHO / WHOM: RMail logs both the sender's and recipient's address. All sender addresses are verified using 2-factor authentication and inspection. The e-mail's electronic route to the recipient's mailbox can be traced. The sender can also be authenticated later by the RMail system (digital seal).

WHEN: RMail uses a UTC time server to insert a time stamp in both the log and the proof of delivery. The local times of the recipient's e-mail servers are simultaneously queried.

WHAT: The content of the original e-mail is encrypted and signed with a private key on the RMail server. Subsequently, the data stream acquired in this manner is embedded into the proof of delivery along with the public key. The proof of delivery can thus be authenticated by the RMail server at any time — ensuring that its integrity is maintained. All of this is carried out without requiring the sender/recipient to do anything.

HOW: This is important with regard to the EU General Data Protection Regulation, i.e. how was the personal data transferred? For example, with or without encryption? The proof of delivery contains precisely this information.

Summary

Human error or process errors can prove costly in the context of data protection regulations. Taking precautions is better than suffering image loss and/or incurring penalties.

We offer a service with RMail that provides reliable proof of who sent what to whom and how.

In addition, the service also encrypts personal data (General Data Protection Regulation, article 5, paragraph 1f as well as article 32, paragraph 1a) and ensures maximum compliance thanks to the proof of delivery (article 5, paragraph 2).