SelfDestructingEmail.com - Click here to return to the home page and main menu
Certified Emails in Court  
Using SelfDestructingEmail Certified Emails in Court

Email certified by SelfDestructingEmail is admissible in court as verifiable evidence to support the following:

  1. Proof of the date and time that an email was transmitted across the internet
  2. Proof that the content and original headers of an email have not been altered since transmission.
  3. Proof that the Certified Email was rendered for display on a computer screen, including additional evidence to verify that the email was observed by a human recipient (as opposed to being read by a computer program alone), in an approximate physical location using recorded email or web-browser software at a specific point in time.

Additional protection provides independent establishment of the trustworthiness of SelfDestructingEmail date and time stamps.


Before we begin:

It is important to understand the answers to the following 2 questions:-

Q:   What is a "SelfDestructingEmail Certified Email"
A:   It is an ordinary email which has extra information attached to the end indicating the date and time the email was transmitted on the internet, the unique consecutive serial number that has been assigned to the email, and the unique cryptographic identification number of the email itself. The entire email (usually also including the email headers) including this extra information at the end is then digitally signed. The signature is attached to the email and later published. The now-certified email is finally transferred to the recipients email server, and a copy is returned to the sender as an attachment to their "proof-of-posting" certificate.

Q:   What is a "Proof-of-Opening" certificate, and how does it work?
A:   This is an email that is produced automatically by the SelfDestructingEmail server and is itself certified (see What is a "SelfDestructingEmail Certified Email" above). It is produced when the SelfDestructingEmail server detects the unique cryptographic identification number. This number is included only within the email that is sent to the recipient, and will only be detected by the SelfDestructingEmail server when the email is displayed on a computer screen for reading by a person. At the option of the sender, this number will be detected either automatically (when the email is opened) or manually (when the reader elects to follow the instructions to acknowledge that they read the email). The "Proof-of-Opening" certificate will distinguish which kind of acknowledgement (automatic or manual) caused it to be produced.

Answers to other questions raised by the above can be found at the end of this document.


SelfDestructingEmail provides up to three different Certified Documents per email sent.

  1. The email, as delivered to the recipient, has one or more certificates attached and is digitally signed during transit.
  2. The sender gets a second copy of their own email that was certified and digitally signed by return email shortly after posting. This is delivered back to the sender as an attachment to a "Proof-of-Posting" certificate
  3. The sender usually gets a "Proof-of-Opening" certificate (ie: digitally signed and time-stamped "Read-Notification") when the email they have sent to their recipient is opened and read.


To use your Certified SelfDestructingEmail documents in court, please carefully follow the steps below.

  1. Print out these instructions and explanations. This will be required in court to explain the scope and trustworthiness of the SelfDestructingEmail service and documents processed by it.
  2. Print out all your related original SelfDestructingEmail certified documents and all attachments thereto. If possible, try also to print the full headers of all emails, and if you are using "multipart alternative" MIME emails, print both the TEXT and the HTML versions as well. (The Microsoft Outlook command sequence to do this is: File=>Properties=>Details [and optionally =>Message-Source] )
  3. Check that your documents have been correctly certified.
    i.     All certified (but as-yet un-verified) TEXT documents will commence with the following:-

    -----BEGIN PGP SIGNED MESSAGE-----

    ii.    All certified (but as-yet un-verified) HTML documents will commence their source content with the following:-

    <!--
    -----BEGIN PGP SIGNED MESSAGE-----

    SelfDestructingEmail.com time-certified message. Original output headers:-

    iii.   Both will end with a digital signature resembling the following:-

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SelfDestructingEmail.com TimeStamp Server v2.1)
    Comment: Certificate #9900, created Mon, 19 Nov 2001 05:02:23 GMT

    iQBvAwUBO/iSXzanThAdit3tAQGSXwLMD3pcdjoKXEBHYqXpqT0c12B9jagV+lsK
    vzb5Pxa0oFj+ffZOhCGZJwbib5l5DEuNL79FwDtQ0vmUIuOL1d+I4acE2WrsjZrA
    20L4uFXO+BiPw4q+NBnlvHJX

    =et1Q

    -----END PGP SIGNATURE-----

  4. Verify the digital signatures attached to all your printed documents, and print a second copy of the verified documents.

    To verify these documents, obtain a signature verification program (for example: PGP by Networks Associates Technology, Inc. which is available for download from the web site www.pgp.com (USA) and also www.pgpi.com (International))

    Mark and copy the the entire SelfDestructingEmail certified document verbatim. If you are verifying an HTML document, first display the document, then choose "View-Source" to access the literal content that has been certified (eg; the key sequence for this in popular email software is File=>Properties=>Details=>Message-Source)

    Use your signature verification program to verify the contents of your clipboard. For example, the key sequence within the PGP product for this is PGP=>Clipboard=>Decrypt&Verify. You may be prompted to search for the SelfDestructingEmail public key. You can allow this automatically, or download it manually from our web site if you prefer. Our Key ID is 0x1D8ADDED and our SelfDestructingEmail TimeStamper Key fingerprint = 7272 F5EA A903 19B5 74E0 A620 4A02 2DFB. Please verify these are correct by selecting "Key Properties" for our public key "SelfDestructingEmail TimeStamper <stamper@selfdestructingemail.com>"

    Print the resulting verified document (or the source thereof if HTML).

    i.    Correctly verified TEXT documents will commence with the following (with appropriate dates):

    *** PGP Signature Status: good
    *** Signer: SelfDestructingEmail TimeStamper <stamper@selfdestructingemail.com>
    *** Signed: 19/11/2001 4:02:23 PM
    *** Verified: 19/11/2001 4:55:55 PM
    *** BEGIN PGP VERIFIED MESSAGE ***

    ii.   Correctly verified HTML documents will commence with the following:

    <!--

    *** PGP Signature Status: good
    *** Signer: SelfDestructingEmail TimeStamper <stamper@selfdestructingemail.com>
    *** Signed: 19/11/2001 4:02:23 PM
    *** Verified: 19/11/2001 4:55:55 PM
    *** BEGIN PGP VERIFIED MESSAGE ***

    iii.  Both will end with the following message replacing the original digital signature:

    *** END PGP VERIFIED MESSAGE ***

    If the signed document has been altered in any way, it will NOT verify properly - ie: you will get the following status:

    *** PGP Signature Status: bad

    Note: Dates and Times displayed by your verification program will be UTC unless otherwise specified.


  5. You will now have the printed evidence necessary demonstrate that your documents were sent and/or opened, and when. Remember to retain an electronic copy of all your documents so that any independent third party can follow the above steps to verify your documents themselves.

  6. To verify that the SelfDestructingEmail service has produced reliable trustworthy time-stamps, you can optionally follow these additional procedures.

    a.         Visit our signature display web page at www.selfdestructingemail.com/showsig.asp and enter the unique consecutive serial number that is displayed within your digital certificate into the section under the heading "You can look up any SelfDestructingEmail Digital Signature. Enter the serial number here" then click the "signature lookup" button.

    b.         Look and check that it displays the same signature as the one attached to your document. Note the date and time it was made.

    c.         Locate the corresponding SelfDestructingEmail weekly digital signature summary publication. It appears in the following USENET internet newsgroups on thousands of news servers worldwide. alt.computer.security.web-of-trust, comp.security.pgp.announce, alt.security.keydist, gov.usenet.test, aus.net.mail, and chi.mail.

    It will contain a subject line similar to the following:-

    SelfDestructingEmail weekly digital signature summary publication for week ending Sun, 18 Nov 2001 00:00:01 GMT

    Here is a URL of the Google WEB based news archive service for one of the above groups:-

    https://groups.google.com/groups?q=alt.computer.security.web-of-trust&hl=en&btnG=Google+Search&meta=

    Follow steps 2, 3, and 4 above to print, verify, and re-print this digitally signed publication.

    d.         The weekly summary contains digital signatures of daily summary signatures. To print, verify, and re-print the daily summary which contains your individual certificate, click on the link within the "SelfDestructingEmail weekly digital signature summary publication" that contains your certificate serial number. Here is an example URL that displays signatures 9089 through 9206 inclusive:-

    www. selfdestructingemail.com/sigs.asp/show.htm?from=9089&to=9206&sum=9207

    The resultant web page can be marked, copied, and verified because it was itself digitally signed at the end of the day it relates to. Double-check that the last digital certificate on the page matches the one contained in the published version from your USENET news server.

    Follow steps 2, 3, and 4 above to print, verify, and re-print this daily signature summary.


Here are some questions and answers about SelfDestructingEmail Certified Emails and digital signatures in general to help with courtroom interpretation of this technical material.

Q:   What prevents a SelfDestructingEmail time-stamp from being faked, forged, or changed?
A:   All SelfDestructingEmail Certified documents contain a time-stamp indicating when they processed (for email, this is the moment the email was transmitted onto the internet by our service). They also all contain a unique serial number which increments by one for each successive certificate. Certificate number 5678 (for example) was produced before certificate number 5679 and after number 5677. All digital signatures produced by SelfDestructingEmail can be examined by anyone at any time at www.selfdestructingemail.com/postcert.asp. They are signed on a daily basis, the daily signatures being themselves signed and published to thousands of internet servers weekly.

A SelfDestructingEmail time-stamp cannot be changed because the digital signature would fail to verify afterwards.

A SelfDestructingEmail time-stamp cannot be faked because senders do not have access to our server to alter the date or time. Additionally, our server date and time cannot be changed without detection (even momentarily) because the serial-number order of the published certificates would no longer correspond to their date order. The time can not be changed backwards, because the previous certificates would then appear out of order (remember - the previous certificates have themselves been distributed to other users of the service, and have or will be signed and published online). Nor can the time be changed forwards for the same reason. The faked time will always be detected since the person attempting to fake a time will never have access to all the certificate recipients and news servers that would require alteration to support the faked time.

A SelfDestructingEmail time-stamp cannot be forged because this document contains the public key fingerprint of the only acceptable SelfDestructingEmail signature verification key that will function to verify SelfDestructingEmail certified documents. Our private key is strongly protected, and forged times will still always be detectable as for faked or changed times above anyway.

Q:   What prevents a SelfDestructingEmail Certified Email from being forged or altered?
A:   All SelfDestructingEmail Certified Email digital signatures include the email contents within the signature. The email content cannot be altered without causing the "Verify Status" to become "bad" for all the same reasons that the time-stamp cannot be faked, forged, or changed.

It is not possible to produce a verifiable SelfDestructingEmail Certified Email that was never transmitted through the SelfDestructingEmail service, however, as with all internet email, there is nothing to prevent a sender of an email from changing their own "From:" email address and successfully producing a SelfDestructingEmail Certified Email that appears to originate from someone who never in fact sent an email. Note that the victim who is being impersonated will be alerted if this occurs, because all SelfDestructingEmail Certified Emails return a "Proof-Of-Posting" certificate back to the apparent sender, which in the case of a forgery, will not be the real sender.

Q:   What is a digital signature?
A:   It is the result of a complex mathematical algorithm performed on the contents of the object being digitally signed (in our case - the email and it's headers and attached certificate information) A digital signature can only be produced by someone who holds a protected secret key. Each protected secret key has a corresponding public key which anyone can use to verify the digital signature. It might help to visualise a special kind of bank vault with two special keys. One key can be used to lock the vault, but cannot be used to unlock it, while the other key can be used to unlock it, but not lock it. This is the idea behind the public and private keys used to create digital signatures. Only the private key can create them, and only the public key can verify them.

Digital signatures provide a way for someone or something (in our case - the SelfDestructingEmail Certified Email service) to sign something that can later be verified by anyone.

Unlike ordinary handmade signatures on paper, digital signatures are forgery resistant, because the signature becomes unreadable if the document that is signed by it gets altered in any way (and of course, nobody except the signer knows the secret key, which makes them the only person able to sign anything using it).

Q:   What is the connection between my original email, the proof-of-posting certificate, and the proof-of-opening certificate?
A:   Here is how all our certificates are "linked together" to create a forgery-resistant trail of verifiable evidence:

  1. Your original email contained a unique Message-ID (usually inserted by your own email program - you can locate your original email in your "Sent Items" folder to see what Message-ID was assigned to your original message)
  2. When we "certified" your email, we also created a new unique identifier (which we call a "stamp"). We created an MD5 checksum of this stamp, and added a certificate to the bottom of your email which included both your Message-ID, and this MD5 checksum of our stamp (which we now call the "SelfDestructingEmail reference"), and then we digitally signed the body of your email (which now also includes this Message-ID and our reference, and by-the-way - the body now also includes a copy of your email headers too (inside an HTML comment) so these full headers also get digitally signed).
  3. We send you a copy of this "certified" body as your "proof-of-posting certificate". You use your favorite OpenPGP program to verify this signature as part of your preparations for a court case.
  4. We add our unique "stamp" (which was cryptographically generated so as to be resistant to anyone trying to guess it) as part of the recipient's tracking modifications into the headers and body (after the signature) of the certified email, and on-send this to them.
  5. At this point - both you and the recipient have identical copies of your now-certified email body (and original headers) - the recipient copy contains extra tracking data based on our unique "stamp". You have an MD5 checksum of the stamp, but you do not know what the stamp is (so you cannot "fake" a proof-of-opening certificate). Should any certified email "bounce" - we remove our stamp before returning the bounce to you - to make sure that you never know the stamp, and no erroneous proof-of-opening certificates get created.
  6. Your recipient next opens the email, at which point our tracking system receives their tracking data including the stamp. The only thing in existence which had this unique cryptographic stamp inside it is the certified email we delivered to them; so we are absolutely confident that when this information comes back to us, we know that the recipient has displayed the email; so we package up their tracking data and send you your "proof-of-opening certificate)"
  7. This "proof-of-opening certificate" contains the original unique Message-ID and stamp MD5 checksum (in the "certificate" box at the bottom). This new email produced by us is also timestamped and digitally signed - so it will contain a new certificate serial number. We include a lot of detailed tracking information (recipient IP address, location, PC details, ISP details, etc) to make absolutely sure that there is no doubt that the intended recipient opened the email.
      The easiest way to explain the connection between an email and the proof-of-opening to a hurried, non-technically oriented judge is that the certified email's original Message-ID appears in all relevant "certificate" portions at the bottom of all certificates, and that the original email is linked to the proof-of-opening via the plaintext version of the "SelfDestructingEmail reference"; which nobody besides the intended recipient ever had access to. Further; the proof-of-opening recorded the recipients IP, ISP, location, and other information at the time of opening, which (A) help identify that the intended recipient was the actual reader, and (B) cannot be forged by anyone (eg: the sender) without access to the recipients computer and the certified email thereupon.

Providing all signatures verify using OpenPGP, none of the above has been fraudulently altered.

Q:   Why don't you have a certified-email verification service?
A:   We don't offer a verification service - to do so would make it possible for us to create "pretend" verifications; you will need to use a trusted OpenPGP compatible cryptographic product to verify certificates: this ensures that nobody has the opportunity to commit fraud on our certificates.

We recommend you verify all your own certificates and print out the results as part of the documentation you include in any court case. If the validity of signatures is questioned, you may want to have a mathematician (eg: from a local school or university) independently perform these verifications and then explain to the Judge how asymmetric cryptography works, and why (s)he can assert that all emails are the original unmodified versions that genuinely existed at the points in time stated within the certificates.
court