Note: This article refers to a feature that is still in beta and not yet released on the public version of ProtonMail.
ProtonMail employs different methods to protect your privacy and your security. One method of protecting messages from being read by outsiders is encryption. However, encryption alone does not protect you from all security vulnerabilities. For instance, if email@example.com sends you an email, how do you know if John actually sent you the message and not some malicious outsider? Encryption protects the confidentiality of messages after they are sent, yet gives no assurance about who sent the email.
To verify the identity of the sender, ProtonMail uses digital signatures, which are like physical signatures on a specific message, ensuring that the message cannot be changed or tampered with after it is signed.
If you are using the Address Verification with Trusted Keys feature, then ProtonMail will notify you if a digital signature check fails via the “Sender Verification Failed” error message. This article provides more details about what this message means.
Signature verification on messages
When trusted keys are available for a contact’s email address, ProtonMail automatically verifies signatures when an email or an attachment from that sender is opened. To see whether a message has a valid signature, look at the sender’s address. A warning sign indicates an invalid signature:
We will explain later in this article what this means.
Signature verification on attachments
Attachments can also be signed. If a contact’s email has Address Verification with Trusted Keys enabled, you can be sure that the attachment you received actually came from them and has not been tampered with in transit. In contrast to messages, the signature status cannot always be shown immediately after opening the message. It is necessary to download the attachment first before we can verify it. While some attachments (such as embedded images) are downloaded automatically, you usually have to download the attachments manually before signature verification can occur.
As soon as the attachment has been downloaded for the first time, a status icon will be shown if there is a signature. On attachments that failed signature verification, you will see the following warning icon:
Does an invalid signature always mean someone tampered with my data?
There are a number of possible explanations. The most common reasons are:
1) The sender has reset their password, which always generates new encryption keys for that address. Because the new encryption key is not trusted, Sender Verification Failed will be displayed. After you trust the contact’s new key, Sender Verification will succeed. Of course, you should verify with the sender that they actually did reset their password before you trust the new key.
2) The sender has generated a new encryption key. If the sender has generated a new encryption key and is sending messages with that new key, then Sender Verification will fail because this key is not trusted. In this case, you should verify with the sender that they did change their encryption key before trusting the new key.
If you get the Sender Verification Failed error, but the sender did not reset their password or generate a new encryption key, it could mean that the sender’s account has been compromised or that the email sent to you has been tampered with. In this case, you should not trust the email until you have confirmed its contents with the sender through some other channel. If you have questions, you can reach our security team at firstname.lastname@example.org.
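The sketch below is an added example, not ProtonMail's code: it models the trusted-key check with Node's built-in Ed25519 signatures instead of OpenPGP, and the addresses, messages and function names are constructed. It shows that a tampered message and a genuine message signed with a new, untrusted key both produce the same failed result, and that trusting the new key clears it.

```javascript
// Added illustration, not ProtonMail's implementation: Node's built-in Ed25519
// stands in for OpenPGP; addresses, messages and function names are constructed.
const nodeCrypto = require('crypto');

function signMail(from, body, privateKey) {
  return { from, body, signature: nodeCrypto.sign(null, Buffer.from(body), privateKey) };
}

// trustedKeys: Map of sender address -> array of public keys the recipient trusts.
// Returns 'verified', 'failed' (Sender Verification Failed) or 'not-checked'.
function checkSender(trustedKeys, mail) {
  const pinned = trustedKeys.get(mail.from) || [];
  if (pinned.length === 0) return 'not-checked'; // no trusted key for this contact
  // The signature must verify under a key the recipient already trusts. A valid
  // signature made with any other key is indistinguishable from tampering here.
  const ok = pinned.some((key) =>
    nodeCrypto.verify(null, Buffer.from(mail.body), key, mail.signature));
  return ok ? 'verified' : 'failed';
}

function demo() {
  const sender = 'john@sender.example';
  const oldKey = nodeCrypto.generateKeyPairSync('ed25519');
  const newKey = nodeCrypto.generateKeyPairSync('ed25519'); // e.g. after a password reset
  const trusted = new Map([[sender, [oldKey.publicKey]]]);

  const genuine = signMail(sender, 'Lunch at noon?', oldKey.privateKey);
  const tampered = { ...genuine, body: 'Lunch at one?' }; // changed after signing
  const afterReset = signMail(sender, 'I reset my password.', newKey.privateKey);
  const stranger = signMail('new@contact.example', 'Hello', newKey.privateKey);

  const results = {
    genuine: checkSender(trusted, genuine),
    tampered: checkSender(trusted, tampered),
    afterReset: checkSender(trusted, afterReset),
    stranger: checkSender(trusted, stranger),
  };
  // Once the recipient has confirmed the key change with the sender and trusts the new key:
  trusted.get(sender).push(newKey.publicKey);
  results.afterTrustingNewKey = checkSender(trusted, afterReset);
  return results;
}

console.log(demo());
```

Because the check cannot tell a key change from tampering, the out-of-band confirmation with the sender is what separates the two cases.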