Certified email


Certified email (known as Posta elettronica certificata in Italy, or PEC for short) is a special type of email in use in Italy, [1] Switzerland, [2] Hong Kong [3] and Germany. [4] Certified email is meant to provide a legal equivalent of traditional registered mail: by paying a small fee, users are able to legally prove that a given email has been sent and received.


Registered mail is mainly used in Italy, [5] but efforts are under way to extend its legal validity within the framework of the European Union. [6]

Description

A certified email can only be sent using a special Certified Email Account provided by a registered provider. When a certified email is sent, the sender's provider will release a receipt of the successful (or failed) transaction. This receipt has legal value and it includes precise information about the time the certified email was sent. Similarly, the receiver's provider will deliver the message to the appropriate certified email account and will then release to the sender a receipt of successful (or failed) delivery, indicating on this receipt the exact time of delivery. If either of these two receipts is lost by the sender, providers are required to issue a proof of transaction with equal legal validity, if this proof is requested within 30 months of delivery.

In terms of user experience, a certified email account is very similar to a normal email account. The only additional features are the receipts, received as attachments, providing details and timestamps for all transactions. A certified email account can only handle certified email and can't be used to send regular email.

Technical process

The development of this email service has conceptual variations that are dominated by two-party scenarios with only one sender and one receiver as well as a trusted third party (TTP) serving as a mediator. As in traditional registered mail, many certified email technologies call for the parties involved to trust the TTP, or the "postman", because it has the capacity to reveal the identity of the sender to the recipient once the protocol is initiated. [7] There are, however, some applications based on multi-party email protocols; these include the technology originally proposed by Markowitch and Kremer, that involves an online or offline TTP in addition to the sender and receiver. [8] There is also a multi-party version, wherein a user can send the same email to multiple recipients. In this system, those who acknowledge the receipt are able to view the data. Some applications also offer add-in features, such as the integration of the concept of timeliness, wherein a participant to the process can terminate a session in finite time in order to avoid waiting for a reply forever. [9]

The mediation of a trusted third party (TTP) requires both parties, the sender and the recipient, to agree on who will act as the mediator. In compliance scenarios, where a regulation may simply require a party to deliver a notice to a given recipient and be able to prove having done so (e.g. GDPR), the role of the TTP can be entrusted to an electronic registered delivery service capable of securing timestamped evidence of the contents and delivery of the electronic message, without the recipient's intervention. [10]

Certified email in Italy

The Italian certified email (Posta elettronica certificata, PEC) was established in 2005 [11] and it uses the protocols described in RFC 6109 (Request for Comments 6109), which was drafted in order to make the protocols public to the Internet community.
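
The two receipts described under Description can be tracked mechanically on the sender's side. The following is an added example, not code from the article or from any PEC provider: it pairs receipts with sent messages and reports whether both the acceptance and the delivery receipt exist for each one. The header names X-Ricevuta and X-Riferimento-Message-ID and their values are taken from RFC 6109; the sample messages, addresses and function names are constructed for illustration, and one recipient per message is assumed.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Receipt kinds carried in the X-Ricevuta header (names per RFC 6109).
ACCEPTED, DELIVERED = "accettazione", "avvenuta-consegna"
FAILED = {"non-accettazione", "errore-consegna"}

def _receipt(kind, ref, date):
    # Constructed sample; real receipts are S/MIME-signed (not verified here).
    return (f"From: posta-certificata@provider.example\nDate: {date}\n"
            f"X-Ricevuta: {kind}\nX-Riferimento-Message-ID: {ref}\n\nreceipt\n")

SENT_IDS = ["<m1@sender.example>", "<m2@sender.example>", "<m3@sender.example>"]
SAMPLE_RECEIPTS = [  # constructed data, not real traffic
    _receipt("accettazione", "<m1@sender.example>", "Mon, 04 Mar 2024 10:15:02 +0100"),
    _receipt("avvenuta-consegna", "<m1@sender.example>", "Mon, 04 Mar 2024 10:15:09 +0100"),
    _receipt("accettazione", "<m2@sender.example>", "Mon, 04 Mar 2024 11:00:00 +0100"),
    _receipt("accettazione", "<m3@sender.example>", "Mon, 04 Mar 2024 12:00:00 +0100"),
    _receipt("errore-consegna", "<m3@sender.example>", "Mon, 04 Mar 2024 12:00:30 +0100"),
    _receipt("avvenuta-consegna", "<zz@other.example>", "Mon, 04 Mar 2024 13:00:00 +0100"),
]

def proof_status(sent_ids, raw_receipts):
    """Pair receipts with sent Message-IDs; return (per-message state, unmatched refs)."""
    state = {mid: {"accepted": None, "delivered": None, "failures": []} for mid in sent_ids}
    unmatched = []
    for raw in raw_receipts:
        msg = message_from_string(raw)
        kind = (msg.get("X-Ricevuta") or "").strip().lower()
        ref = (msg.get("X-Riferimento-Message-ID") or "").strip()
        if not kind:
            continue  # ordinary mail, not a receipt
        if ref not in state:
            unmatched.append(ref)  # receipt for a message with no record of sending
            continue
        when = parsedate_to_datetime(msg["Date"])  # Date header of the receipt itself
        if kind == ACCEPTED:
            state[ref]["accepted"] = when
        elif kind == DELIVERED:
            state[ref]["delivered"] = when
        elif kind in FAILED:
            state[ref]["failures"].append(kind)
    for e in state.values():
        e["status"] = ("failed" if e["failures"] else
                       "proven" if e["accepted"] and e["delivered"] else "pending")
    return state, unmatched

if __name__ == "__main__":
    print(proof_status(SENT_IDS, SAMPLE_RECEIPTS))
```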

Since July 1 of 2013, all communications between enterprises and the Italian public administration are required to be sent through PEC and paper documents are no longer accepted. [12]

All matters concerning PEC in Italy are supervised and regulated by a special government agency called AgID ("Agenzia per l'Italia digitale") which determines the authorized certified email providers, the legal framework of PEC and the rules and terms of use.

Anyone may register a PEC address through a certified provider or reseller.

Starting from 2022, Italy is migrating from PEC to an eIDAS-compliant protocol, called Registered Electronic Mail. The switchover to the new protocol is being led by Roberto Reale [13] and Alessandra Antolini on behalf of AgID.


Comparison of Certified E-Mail providers in Italy

| PEC provider | eIDAS compatible 2024? | DMA friendly (Google/Apple independent) | Limitation | Address portability |
|---|---|---|---|---|
| Intesi Group | will be in 2024 | ? | unknown | no |
| Aruba (Actalis) | partial | no | | no |
| Infocert | yes | no | | no |
| Università degli Studi di Napoli Federico II | ... | ? | Only for students and other business partners | no |
| TWT | no | ? | ... | no |
| Sogei | n/a | ? | Only for business partners | no |
| register.it | no | ? | ... | no |
| Regione Marche - Posta Raffaello | n/a | ? | suppressed | no |
| Poste Italiane | n/a | ? | ... | no |
| Consiglio Nazionale del Notariato | no | ? | private | no |
| Namirial S.p.A. | no | ? | n/a | no |
| Cedacri Cert | ... | ? | ... | no |
| IN.TE.SA. S.p.A | offline | ? | offline | no |
| Irideos S.p.A. (kolst) | no | ? | | no |
| Notartel S.p.A. | | ? | | no |
| Sogei | no | ? | n/a | no |

References

  1. "Posta elettronica certificata – PEC". Linea Amica (in Italian). Italian government. Retrieved 2015-08-13.
  2. "IncaMail". La Posta (in Italian). Retrieved 2018-12-24.
  3. "GovHK: Electronic Authentication & Digital Certificates". www.gov.hk. Retrieved 2015-08-13.
  4. "De-Mail – einfach verschlüsselt und nachweisbar". www.cio.bund.de (in German). Retrieved 2019-09-22.
  5. "Il futuro della PEC: Armonizzazione e riconoscimento in Europa - Diritto informatico: Notizie e guide". 9 March 2018.
  6. "La Posta Elettronica Certificata verso le regole europee". 24 May 2017.
  7. Zhou, Jianying; Kang, Meng Chow; Bao, Feng; Pang, Hwee-Hwa (2005). Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005. Amsterdam: IOS Press. p. 80. ISBN 1-58603-550-9.
  8. Lopez, Javier; Okamoto, Eiji (2004). Information and Communications Security: 6th International Conference, ICICS 2004, Malaga, Spain, October 27-29, 2004. Proceedings. Berlin: Springer. p. 40. ISBN 3-540-23563-9.
  9. Qing, Sihan; Mao, Wenbo; Lopez, Javier; Wang, Guilin (2005). Information and Communications Security: 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, Proceedings. Berlin: Springer Science & Business Media. p. 1. ISBN 978-3-540-30934-5.
  10. Carlos Tico (2012). Method, a system and a computer program product for certifying that a destination email server has received an email message sent from a sender to at least one destination address. US Patent 9,742,722 B2 (2017) and EP2805455B1 (2018).
  11. "Decreto del Presidente della Repubblica 11 febbraio 2005, n. 68" (PDF). Agenzia per l'Italia Digitale (in Italian). 2005-02-11. Regolamento recante disposizioni per l'utilizzo della posta elettronica certificata, a norma dell'articolo 27 della legge 16 gennaio 2003, n. 3.
  12. "Posta elettronica certificata". Agenzia per l'Italia digitale. Italian government. Retrieved 2018-12-24.
  13. "REM SERVICES - Criteri di adozione standard ETSI - Policy IT" (PDF).