Can Digitally Signed Emails Be Manipulated? The Hidden Risks Explained

Some of you are aware that regular emails can be easily manipulated without leaving traces. This is why emails are weak as evidence unless some sort of proof can be established about their contents and delivery. Yet many still believe that what they send and receive via email will always stand as solid evidence.

But what about digitally signed emails? Can these be fully trusted? Although this may surprise you, the answer is NO. Digitally signed emails can be manipulated almost as easily as regular emails.

Manipulating a digitally signed email completely

It’s shockingly easy. Save any digitally signed email to disk, open it with a text editor, change whatever you want in the header or body, add or remove attachments, and save it again. Open it in your email client and there it is.

The only drawback is that the email will no longer appear as digitally signed. But here’s the problem: most email clients won’t show any warning that something is wrong with the email or its original digital signature.

Manipulating an email without removing its digital signature

Now imagine this. You send a digitally signed email to a client. In your own Sent folder, it looks the same as an unsigned one — irrelevant from your perspective. But in the recipient’s inbox, it’s shown as digitally signed.

If that recipient can modify part of your message while keeping the signature intact, they could still prove it was you who sent it. Alarming, isn’t it?

In fact, this is possible: two critical fields in a digitally signed email can be altered without affecting the digital signature:

• The date of the email
• The recipient’s address

The potential consequences of this loophole are serious, especially in the context of legal disputes or sensitive business communications.

Frequently Asked Questions (FAQ)

Are digitally signed emails legally valid?
Yes, but only to a certain extent. They confirm who the sender is and ensure integrity of some data. However, they do not guarantee immutability of all fields or confirm delivery.

What are the main risks of relying on digital signatures in emails?
Key information like the recipient’s address and the date can be modified without breaking the signature, which can lead to disputes or even fraud.

Can digital signatures prove delivery?
No. A digital signature proves who signed the message and that certain content hasn’t been tampered with — but it does not prove that the email was delivered or when.

What is the safer alternative?
Registered email. It certifies the exact content, sender, recipient, and timestamp, providing immutable evidence with full probative value.

Conclusion

Digitally signed emails are not as tamper-proof as many believe. They can be manipulated in ways that compromise their reliability as evidence, especially in legal disputes.

For organizations that need irrefutable proof of what was sent, to whom, and when, only registered email provides the level of legal certainty required.

Before sending another digitally signed message thinking it’s airtight, consider the risks — and remember that registered email is the true solution for secure, evidence-based communications.