ProtonMail employs several methods to protect your privacy and security. While our end-to-end encryption protects your email from being read by outsiders, it does not by itself ensure that your email was sent by the right person. For example, if John (firstname.lastname@example.org) sends you an email, there is no certainty that it was actually John himself who wrote and sent it.
To verify the identity of the sender, ProtonMail uses digital signatures. Digital signatures are similar to physical signatures, except that each digital signature signs one specific email. This means that the email cannot be changed or tampered with after it was signed without invalidating the signature.
Sender verification on emails
When trusted keys are available, digital signatures in emails are verified automatically. To check whether an email carries a valid digital signature, hover over the Lock icon next to the sender’s address. This is how a digitally signed email looks:
An email with an invalid digital signature looks like this:
Signature verification on attachments
Email attachments can also be digitally signed. Attachments that have passed ProtonMail’s security checks and have a valid digital signature can be downloaded immediately.
However, if an attachment fails the digital signature check, you will see this warning when you try to download it:
This article provides more detail on digital signatures.
Does an invalid signature mean that someone tampered with my data?
While it is possible that someone has tampered with your data, this is not always the case. It could also be that the sender deleted their public keys or their account, making it impossible to verify the signature. Your browser will then be unable to confirm the authenticity of their emails and attachments, even though nothing may have been changed.
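The following Go program is an added illustration, not ProtonMail's own code: it models the three outcomes described above (a signature that verifies, a signature that fails because the body or an attachment was altered after signing, and a message that cannot be verified at all because no trusted key exists for the sender). It uses the Go standard library's Ed25519 rather than OpenPGP, and the sender address, message text and attachment bytes are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// VerifyStatus models the three outcomes a mail client can report.
type VerifyStatus int

const (
	// Valid: the signature checks out against a trusted key for the sender.
	Valid VerifyStatus = iota
	// Invalid: a trusted key exists but the signature does not match the data,
	// so the body or an attachment was altered after signing.
	Invalid
	// Unverifiable: no trusted key is on record for the sender (for example
	// the sender deleted their keys), so nothing can be said either way.
	Unverifiable
)

func (s VerifyStatus) String() string {
	switch s {
	case Valid:
		return "valid signature"
	case Invalid:
		return "INVALID signature (data changed after signing)"
	default:
		return "cannot verify (no trusted key for sender)"
	}
}

// SignedMessage is a toy stand-in for a signed email: one signature covers
// both the body and the attachment, so changing either part breaks it.
type SignedMessage struct {
	Sender     string
	Body       []byte
	Attachment []byte
	Signature  []byte
}

// signingInput length-prefixes each part so that different splits of the same
// bytes between body and attachment cannot produce the same signed data.
func signingInput(body, attachment []byte) []byte {
	var out []byte
	for _, part := range [][]byte{body, attachment} {
		var lenBuf [8]byte
		binary.BigEndian.PutUint64(lenBuf[:], uint64(len(part)))
		out = append(out, lenBuf[:]...)
		out = append(out, part...)
	}
	return out
}

// Sign produces a message whose signature binds sender data to exactly this
// body and attachment.
func Sign(priv ed25519.PrivateKey, sender string, body, attachment []byte) SignedMessage {
	return SignedMessage{
		Sender:     sender,
		Body:       body,
		Attachment: attachment,
		Signature:  ed25519.Sign(priv, signingInput(body, attachment)),
	}
}

// Verify checks msg against a directory of trusted public keys keyed by
// sender address. A missing key is reported separately from a bad signature.
func Verify(trusted map[string]ed25519.PublicKey, msg SignedMessage) VerifyStatus {
	pub, ok := trusted[msg.Sender]
	if !ok {
		return Unverifiable
	}
	if ed25519.Verify(pub, signingInput(msg.Body, msg.Attachment), msg.Signature) {
		return Valid
	}
	return Invalid
}

// Demo walks through the cases from the article and returns them in order:
// untouched message, altered body, altered attachment, sender's key removed.
func Demo() []VerifyStatus {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const sender = "sender@example.org" // constructed sample address
	trusted := map[string]ed25519.PublicKey{sender: pub}

	msg := Sign(priv, sender, []byte("Meeting moved to 3pm."), []byte("agenda.pdf sample bytes"))
	results := []VerifyStatus{Verify(trusted, msg)}

	alteredBody := msg // copies the struct; the original msg is left intact
	alteredBody.Body = []byte("Meeting moved to 4pm.")
	results = append(results, Verify(trusted, alteredBody))

	alteredAttachment := msg
	alteredAttachment.Attachment = []byte("agenda.pdf altered bytes")
	results = append(results, Verify(trusted, alteredAttachment))

	delete(trusted, sender) // the sender's public key is no longer available
	results = append(results, Verify(trusted, msg))
	return results
}

func main() {
	for i, s := range Demo() {
		fmt.Printf("case %d: %s\n", i+1, s)
	}
}
```

The distinction between the last two cases is the point of the section above: an altered body or attachment yields Invalid against a known key, whereas removing the key yields Unverifiable even though the message itself is unchanged, and a client should present those two states differently.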