EidolonHost Posted June 8, 2015 Report Share Posted June 8, 2015 So, it was reported that Facebook is now adding the option to add GPG keys to verify Facebook E-mails by ArsTechnica. I thought that was such a good idea that I wanted to make a feature request to add that option here. Anything to ensure that we can verify to customers that our e-mails are legitimate. More often than not, we've received WHMCS e-mails that looked fake but turned out to be actual e-mails from WHMCS. Such as the recent price raising e-mail that was delivered to WHMCS customers not too long ago. Something like that would've been nice to be able to immediately verify. What do you guys think? SHould it be per-department GPG key or should all e-mails use the same GPG key? Quote Link to comment Share on other sites More sharing options...
serge Posted June 8, 2015 Report Share Posted June 8, 2015 I think GPG key is not about being legitimate email or not, as this is more related to having SPF or DKIM DNS records and reverse DNS record. But GPG is related to encrypted content in the email, so you need to share key/secret with customers, it's will be hard to ask them fo follow or adopt it Quote Link to comment Share on other sites More sharing options...
EidolonHost Posted June 8, 2015 Author Report Share Posted June 8, 2015 I think GPG key is not about being legitimate email or not, as this is more related to having SPF or DKIM DNS records and reverse DNS record. But GPG is related to encrypted content in the email, so you need to share key/secret with customers, it's will be hard to ask them fo follow or adopt it Well, no. Of course it isn't, but it at least adds one more method of verifying that the e-mail is coming from the source. We shouldn't make it mandatory but... I think it should be optional. Make it so that if a customer wishes to get PGP/GPG signed e-mails from us, that the option is there and we're able to do it. We'll be adding this to our e-mail set-up as soon as Blesta gains the capability to do that. I really like where Facebook is going with this. Besides... you'll be getting more and more tech-savvy users. They'll start wanting to see this as soon as the option is available. Or at least, I'd like to see this available. Just as others want to see Two-Factor authentication support added for other providers. What about SSH keys? Would that be a better option? Quote Link to comment Share on other sites More sharing options...
techhelper1 Posted June 9, 2015 Report Share Posted June 9, 2015 SSH keys have nothing to do with email or website authentication. That's only for *NIX nodes/VPS's/etc... serge 1 Quote Link to comment Share on other sites More sharing options...
EidolonHost Posted June 11, 2015 Author Report Share Posted June 11, 2015 SSH keys have nothing to do with email or website authentication. That's only for *NIX nodes/VPS's/etc... Not necessarily, no... but some form of ensuring our e-mails are actually verified and not being spoofed... or any other thing, much like the recent WHMCS price change e-mail would be nice to have. Just my 2 cents. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.