Jean-Marc

JM's Blog

Web, Society, Technology, and Innovation

November 17, 2007

Email Link Versus Contact Form

Today there are two main ways for a visitor to your website to contact you, the site's owner: email links and contact forms.

Rigidity of forms vs flexibility of email links.
There are situations where it is desirable to make sure the recipient and the subject are set to specific values so the message is routed to the appropriate person, team, or sadly, automated-response system.
Forms let you structure the message into different fields and constrain the values allowed for each field.

Email links are symmetric
Email links are symmetric in two ways.

First, because both the sender and the recipient use the same communication protocol. This implies the possibility of conversations (two-way communication) rather than the broadcast of a message to an unknown and unnamed recipient.
With a form, it is always possible that I mistyped my email address, so I'm not even sure that the other party will be able (or willing) to reply.

Second, as a side effect of sending a message I retain an exact copy of it. So I can refer to this copy later to either refresh my mind about what exactly I wrote or to prove that I actually sent the message in the first place. Sending an acknowledgment email after the submission of a form may achieve the same effect, but only if it contains the original message.

Note that some websites allow web users to create free contact forms.

August 18, 2006

Using Secure Email & Digital Signatures

Many businesses have a policy to include a lamentable disclaimer at the bottom of every email they send:

This e-mail and its attachments are confidential and intended solely for the addressees. If you are not the intended recipient of this message, then please delete it and notify the sender. Since the integrity of this message cannot be guaranteed on the Internet, Example, Inc. cannot be considered responsible for its content.

The reason I say this is lamentable is that ensuring the confidentiality of a message and the authentication of its sender requires very little effort. All you need to start sending secure emails (S/MIME) is a regular email client such as Thunderbird and a digital certificate.

Several certification authorities (CAs) give personal email certificates for free. Thawte has a scheme that allows accredited individuals to check your identity so that your full name can be included in your digital certificate. From this point on you'll be able to digitally sign all your emails, thus allowing your correspondents to:

  1. trust that a message was really sent by you and not someone pretending to be you
  2. verify that a message hasn't been changed by a third party, and therefore that its content can be trusted

To ensure the confidentiality of messages, all recipients must additionally own a digital certificate, so that messages can be encrypted.

Digitally signed emails are accepted as legally binding in the US and many countries in Europe.

August 15, 2006

Buying a SSL Certificate: What Do You Get?

There are considerable variations in the cost of SSL certificates. But what you get in the end also varies considerably. So what do you actually buy?

You buy trust and brand image.

An SSL certificate is a guarantee from a certification authority that the server presenting the certificate to a browser is indeed who it claims to be, but this means different things for different SSL certificates:

  • for a low-cost certificate, that means assuring that your browser is indeed connecting to the host www.example.com

  • for an expensive certificate, that means assuring that your browser is connecting to www.example.com, which is operated by Example, Inc., an organization that the authority has checked exists.

In the first case, all the authority validates is that the person receiving the certificate also has some administrative rights on the domain example.com. In the second case, they also manually check that the organization Example, Inc. legally exists.

Beyond that, big names like Verisign and Thawte (now part of Verisign) give you a logo to show on your site, using their brand name to help you build confidence with your customers.

How much?

High-assurance certificates cost hundreds of USD. Comodo sells simple domain validated certificates for $15/year.

Can you get SSL certificates for free?

If you only need a secure SSL connection without the authentication aspect, because you are just trying to secure your webmail access and know your users, you can generate a self-signed certificate or get one from CAcert.org. In either case, users will be asked to accept your certificate before they can proceed. If this is likely to be a problem, go for the $15 option. Some large institutions use self-signed certificates and that's really a shame.
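The difference between the two kinds of certificate described above, and the self-signed case, shows up in the certificate's subject and issuer fields. The following is an added example, not code from the original post: it classifies certificates given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the sample certificates and the "Example CA" issuer are constructed for illustration.

```python
# Added example: what does a certificate's subject actually assert?
# Input uses the dict shape returned by ssl.SSLSocket.getpeercert().

def _flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}


def classify(cert):
    subject = _flatten(cert.get("subject", ()))
    issuer = _flatten(cert.get("issuer", ()))
    hosts = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not hosts and "commonName" in subject:
        hosts = [subject["commonName"]]
    if subject == issuer:
        # Heuristic: same name on both sides means no third party vouched
        # for it. A full check would also verify the signature.
        level = "self-signed"
    elif "organizationName" in subject:
        # The CA put a checked organization name in the subject.
        level = "organization-validated"
    else:
        # Only the host name is asserted: control of the domain was checked.
        level = "domain-validated"
    return {"level": level, "hosts": hosts,
            "organization": subject.get("organizationName")}


# Constructed sample certificates (not taken from real servers).
CA = ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),))
DV = {"subject": ((("commonName", "www.example.com"),),),
      "issuer": CA,
      "subjectAltName": (("DNS", "www.example.com"),)}
OV = {"subject": ((("organizationName", "Example, Inc."),),
                  (("commonName", "www.example.com"),)),
      "issuer": CA,
      "subjectAltName": (("DNS", "www.example.com"),)}
SELF = {"subject": ((("commonName", "webmail.example.com"),),),
        "issuer": ((("commonName", "webmail.example.com"),),)}

if __name__ == "__main__":
    for name, cert in (("DV", DV), ("OV", OV), ("SELF", SELF)):
        print(name, classify(cert))
```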


Copyright ©2008 Syronex