Digitally Sign Email

Is there a method in Rails to digitally sign emails sent via ActionMailer? I was thinking along the lines of hashing the entire email, body and headers, as well as a salt. Then the hash could be added to the headers as the email's signature.

I was thinking this could be a good way to determine if a recipient of my emails is receiving spoofed emails. If in doubt, they could submit the email to an online app that would do the necessary hashing to determine its authenticity.

-pachl

pachl wrote:

Is there a method in Rails to digitally sign emails sent via ActionMailer? I was thinking along the lines of hashing the entire email, body and headers, as well as a salt. Then the hash could be added to the headers as the email's signature.

I was thinking this could be a good way to determine if a recipient of my emails is receiving spoofed emails. If in doubt, they could submit the email to an online app that would do the necessary hashing to determine its authenticity.

Why reinvent the wheel? Use OpenPGP (GnuPG) or S/MIME. In case you use the former, ensure your users all trust the public key of your application. If you decide to use S/MIME, it's even simpler from the user's point of view to check the validity of the messages. S/MIME is supported by default in decent e-mail clients and there are OpenPGP plugins for various of them.
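
The S/MIME route suggested in the reply, as an added example that is not part of either post: a detached signature made and checked with Ruby's standard `openssl` library, showing that an altered body or an untrusted signer fails verification. The helper names, the throwaway self-signed certificate and the sample message are constructed for the demo; wiring the signed text into ActionMailer is left out.

```ruby
require "openssl"

# Constructed signing identity: a throwaway self-signed certificate.
# A real deployment would use a certificate issued by a CA that the
# recipients' mail clients already trust.
def demo_identity(common_name = "mailer.example.test")
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Sign a MIME entity (content headers + body) with a detached S/MIME
# signature: the text stays readable and the signature is a second part.
def smime_sign(entity, key, cert)
  flags = OpenSSL::PKCS7::DETACHED
  p7 = OpenSSL::PKCS7.sign(cert, key, entity, [], flags)
  OpenSSL::PKCS7.write_smime(p7, entity, flags)
end

# True only when the signature matches the content AND the signer's
# certificate chains to one of the explicitly trusted certificates.
def smime_valid?(smime, trusted_certs)
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |c| store.add_cert(c) }
  OpenSSL::PKCS7.read_smime(smime).verify([], store)
rescue OpenSSL::PKCS7::PKCS7Error
  false
end

# Constructed sample message body (CRLF line endings, as on the wire).
ENTITY = "Content-Type: text/plain; charset=UTF-8\r\n\r\n" \
         "Your invoice #1001 is ready.\r\n"

if __FILE__ == $PROGRAM_NAME
  key, cert = demo_identity
  signed = smime_sign(ENTITY, key, cert)
  puts "genuine:  #{smime_valid?(signed, [cert])}"
  puts "tampered: #{smime_valid?(signed.sub('#1001', '#9999'), [cert])}"
  puts "no trust: #{smime_valid?(signed, [])}"
end
```

Unlike a salted hash that only the sender can recompute, the recipient needs nothing secret here: the certificate in their trust store is enough to check the message locally.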