Search Engine Optimization and Analysis for Small Banks and Small Businesses
To prepare for a sales call on a bank in a small Texas town, I plugged the bank’s name into Google--I got a list of many banks, but the one I wanted didn’t appear on the first page, or the second. I couldn’t find anything on this bank until my third Google query. Clearly, this bank had not done the basics of search engine optimization (SEO). Most Texas banks rank at the top of the page for a name query on Google, Bing or both. Unfortunately, some Texas banks cannot be found when searching for them by name on Google and Bing, let alone by “bank city.”
This article is for executives at these banks, for business owners whose business doesn’t show up on a name search in Google and for loan officers trying to help a borrower improve a business’s marketing. The steps outlined in this article would be useful in formulating the tasks in a Statement of Work for the development or maintenance of a web site.
For professionals and businesses that have blogs on other web sites, there is a short discussion of Google Author Tools to help in getting information on your off-website blog postings.
Search engine optimization is one of those things that is easy to do--if you know how to do it. There are thirteen basic steps:
- Register your domain with Google Webmaster Tools
- Register your alternate or old redirected domain(s) with Google Webmaster Tools
- Install a site map on your site
- Register the site map with Google Webmaster Tools
- Set up the robots.txt file on your web site
- Repeat the preceding steps with Bing Webmaster Tools
- Review Google and Bing webmaster tools periodically to identify any errors and to see if the search engines have identified malware on your site (indicating that it has been compromised)
- Make sure that metadata is filled in
- Improve your site with structured data
- Set up Google Author structured data for off-site blogs
- Set up Google Places and Bing Places for Business
- Register with Google Analytics or another analytics provider
- Install Analytics code
Register Your Domain
Purchasing your domain name from Go Daddy, Network Solutions or one of the many web hosting firms does not register the domain name with the various search engine providers--a search engine provider won’t start to scan your website until you register the domain name with them. Registration must be done by someone who has the system authorities to put a small randomly named HTML file into the root web page of the server. The search engine uses this file to prove that the person registering the site is actually the site owner. Once the site is registered, the search engine will start to scan and index it over a period of several days. The sections that follow discuss thing that you should do to control what gets scanned and how to improve your web site to appear higher in search results.
When you register your domain, note that https://yourbank.com, https://www.yourbank.com, and https://www.yourbank.com are all different web sites as far as the search engines are concerned. Decide which one you want the search engine to use in presenting results and identify it as your canonical domain name during the registration process. If you force all traffic to https (a good idea), register only your https domain and make sure to redirect all http traffic on your web site to https.
Register Your Old or Alternate Domains
About ten percent of Texas banks have changed domain names and redirect to a new domain name. Make sure to keep both the new and old domain names registered with each search engine, and make sure to modify the settings on the old domain’s search engine registration so that the search engine knows to point old index references to the new domain name.
Make sure to update the domain name that is used for regulatory reports, as it will be used by third party bank analysis web sites. About 5% of Texas banks have obvious typos in the domain names that are present in the FFIEC database, and another 5% have old and unused domains listed with FFIEC. Part of the algorithm for search rank is based upon other sites linking to your site; if the link is based upon the web site that is listed in FFIEC data, it will point to the wrong location and you won’t get any benefit from the third party link.
Create a Site Map and Register it with Google Webmaster Tools
You’ve probably seen a “site map” link on many web pages and wondered why on earth people put this page out there. It isn’t for humans--it’s for the robots that scan and index your web site. Make sure to generate sitemaps for both text and images, especially if you have relevant graphs or photos of your buildings. Include information about how frequently each page is updated, as this will influence how frequently the search engines scan your site.
For instance, the page with your interest rates should probably show an update frequency of daily or weekly, while the page with your loan application probably would show a monthly or longer update frequency. Figure 1 below shows an example of an automatically generated site map that tells the search engine what URLs are present, the date of last modification, the expected change frequency, and the priority of each page.
Figure 2 below shows an example of the image sitemap for a web site. Notice that this does not include a listing of the logos and stock images for the web site--just the important images for the site. On a bank web site, this might include photos of branches but omit stock photos of office settings.
Once you’ve created the site maps, register them with Google Webmaster Tools. This will tell the search engine robots how often to scan each of the pages on your web site.
Set up the robots.txt File on Your Web Site
The root directory of each web site should contain a robots.txt file--try https://www.google.com/robots.txt. This tells well-behaved robots what parts of your web site to scan and index, and what parts not to scan. At the bottom of the robots.txt file, you should have URLs for your site maps--this tells robots for search engines with whom you haven’t registered where to find your site maps and how frequently to scan and index your site.
It doesn’t make sense for a robot to try to scan and index the Internet banking part of your web site, so that should probably be disallowed. Note: The robots.txt file does not provide security--badly behaved robots can still access any part of your site that is public.
Figure 3 below shows an example of a portion of the Bank of America robots.txt file where the bank has excluded search engine scanning and indexing for a number of login-based portions of the web site and for the mobile version of the web site--they don't want desktop users to stumble upon a version of a page that was designed for a cell phone. If you look at the bottom of the robots.txt file (not shown in the figure) you will find the reference to the sitemap and a comment about the Borneo content management system (CMS) that Bank of America apparently uses and which automatically generated the robots.txt file. The CMS software commonly used by small businesses (Joomla, Wordpress or Drupal) generally does not generate the robots.txt file.
Repeat the Preceding Steps with Bing Webmaster ToolsOnce you’ve completed the steps to register your web site with Google Webmaster Tools, you will have covered the basic set-up for about 75-90% of web searches in the United States. To get most of the remaining searches, register with Bing Webmaster Tools. The process and mechanics are very similar, but getting the site map and robots.txt file set up for Bing is a slightly more tedious and error prone process.
Review Web Master Tools Reports
Once you have your site registered with the various search engines, someone should be assigned to review at least the Google webmaster tools each day, starting with the “Security Issues” section. If your site has been compromised, you will hopefully have found it before the Google robot does; if the Google or Bing robots do find malware on your site, you have an “all hands on deck” level problem.
Don’t be Target and discover the malware weeks after the compromise. Figures 4 and 5 below show the malware reports for Google and Bing webmaster tools respectively.
Both Google and Bing webmaster tools provide information on the number of times your web site’s pages were listed in a search, the average rank and the number of times users clicked on the link for the page. They both also list the keywords used in searches.
Make Sure that Metadata is Filled in
Once you have the basics set up, it is time to turn to the content of your website itself. Use the various webmaster tools to tell you what metadata is missing from your site. At the very least, each page should have a
keywords tag and for images, the
alt tag (this gives a description of the image). Use relevant words—don’t stuff in words that are unrelated to your site, as this will actually hurt your search ranking.
As your site is scanned by the robots, the webmaster tools will start to list the terms that the search engines are using to index the site; if there are concepts and terms that aren’t listed, look at the content of the actual pages and improve the copy to make sure that relevant terms are included in the text of the articles and product descriptions on your site.
description may be used for the synopsis of the web page that Google presents. For example, the search query “loan fee amortization” will probably show the entries in Figure 6 somewhere in the search results. The second item references an article on this web site. The full description tag reads:
This page describes the procedure for calculating the fee amortization and effective yield for loans that involve up-front fees. This is also sometimes called level yield.
Improve your Site with Structured Data
Once you have the content on your site set up and the basic metadata in place, you can start to enhance how your site is displayed by the search engines. To do this, start to set up structured data which is sometimes referred to as microdata. If you Google “bank of the west” you will (probably) see a well organized search result for a Bank of the West web page as the first result, as shown in Figure 7. You may get a California bank or a Texas bank, depending upon what Google thinks you want. In either case the display is probably due to a good implementation of structured data on this web site.
Your structured data should include implementations for the bank, branch locations, hours, key people listed on your web site, products and promotional offers.
- Structured data for an organization.
- Structured data for an address.
- Structured data for hours of operation.
- Structured data for a person.
- Structured data for an product.
- Structured data for an offer.
There are three ways to mark up pages--microdata (recommended by Google), microformats and RDFa. A discussion of the differences is beyond the scope of this article. For small business web sites, the format will probably be determined by the plugin that you select with the exception of the About, Contact and People pages on the site which will probably be coded by hand. For more examples, use the search terms rich snippets, microdata, and structured data.
Set up Google Author Structured Data for Off-site Blogs
Small business owners and professionals who maintain blogs on other web sites should consider setting up Google authorship links. This will alter the search results display to give the name of the author and potentially a photo of the author. Through Google Webmaster Tools, you can get some basic impression and click-through statistics on blog entries where you might otherwise have no meaningful information. To set this up, follow these steps:
- Create a Google+ profile
- Add the sites where you blog in the “Contributor to” section of your profile
- Somewhere in each external blog post, add
<a href=https://plus.google.com/u/0/xxxx?rel=author>A link to your Google+ profile</a>where xxxx... is your Google+ profile ID.
- On your website, install the necessary plug-in to your Joomla, Wordpress or Drupal web site to automatically generate the Google+ link for the author
Once you have this set up, you can use the author stats in Google Webmaster Tools to keep track of the number of times your external blog appears in a Google search, its average position in search results and the number of times people click through to the blog entry. This will help you gauge the effectiveness of your marketing efforts on external web sites, but it will not give you information on the search terms used.
To understand how Google uses authorship in display, Figure 8 below provides an example from the query “loan fee amortization” and the resulting article on this web site. Note the author prefix and the name of the author. In some cases Google will display the photo from the Google+ profile. Note also that in this case, the display synopsis is taken directly from the
description metadata tag.
Set up Google Places and Bing Places for Business
Once your web site is in order, you should begin to look at locality improvements to search and set up Google Places and Bing’s counterpart, Places for Business. This will help for queries like “bank grapevine texas.”
Sign up for Google Analytics or Another Analytics Provider
Once you have the basics of your search engine optimization done, you should sign up with an Analytics provider like Google Analytics, which is free. The steps to authenticate ownership of the site are similar to the steps for setting up Google Webmaster Tools. Once the webmaster has enrolled your site, have one or more people in your marketing department set up to use the web analytics tool to understand how your web site is used.
The web analytics tool should inform your product development and product bundling—the order in which people view the articles on my web site has absolutely influenced my product development plans. How to use web analytics is beyond the scope of this article.
Install Analytics Code
The steps in this article provide the basic search engine optimization steps that will get your bank or business listed at or near the top—when someone is looking for your organization by name. The steps in this article should be viewed as a starting point for search engine optimization.
- Written by Bruce Moore
- Hits: 7374
Email Security Part 2: Digitally Signing Your Email
This is the second in a series of articles on how to secure your email. Securing Your Email Part 1: Verifying the Sender covers the reasons for setting up your email clients to send and receive digitally signed and encrypted email. If you haven't read it, the procedures in this article will be easier to follow if you have already read Part 1.
In this article, we'll go through the process of setting up a private key that you install only on your computer, and a public certificate (public key) that is attached to your email and which others will use to encrypt mail sent to you. Your private key and the certificates should be stored in a password protected file, and generally shouldn't be kept on your computer except where they are installed in the Operating System or your email client, where they are protected by encryption.
If you want to find out more about how all of this works, Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age by Steven Levy is a good non-technical book on how public key encryption works.
This article covers how to obtain an S/MIME certificate and how to install and use it on several major email clients:
- Obtaining an S/MIME Certificate for Your Email Address
- Installing and using the S/MIME Certificate on Thunderbird
- Installing and using the S/MIME Certificate on Microsoft Outlook
- Installing and using the S/MIME Certificate on Mac OS X Email Client
- Installing and using the S/MIME Certificate on an iPhone
Note that some illustrations show “StartCom” certificates. This article was originally written when StartCom was a reliable certificate vendor. In 2016, it was purchased by another vendor and issued some fruadulent certificates; it was subsequently removed as a Certificate Authority from most browsers and email clients. At some point I will go back and update all of these screen captures.
Obtaining an S/MIME Certificate for Your Email Address
There are a number of S/MIME certificate vendors that can provide you with a certificate to use for S/MIME email signing and encryption (kind of a mouthful sentence isn't it). Here are a few that offer free email certificates, although it may be hard to find the free offerings on some sites:
There are numerous other certificate vendors. As a rule, stick to one that offers an "Extended Validation" certificate, even though you won't be using one of these. This generally guarantees that the vendor's Certificate Authority root certificate will be installed as part of the Microsoft, Apple, and Android maintenance streams and that neither you nor the people with whom you correspond will need to accept a root certificate (there is risk in accepting root certificates). There are a couple of "Community Certificate Authority" services, but they generally don't have their root certificates accepted into the operating system maintenance streams.
For the free low-verification (Class 1) certificates, the vendor will send you an email with a link that you need to click on to verify that you are the email owner. If you want to pay for an Individual or Organization Class 2 certificate or an Extended Validation certificate, you will need to supply a driver's licence (or passport) and other information that the vendor will use to verify your identity and authorization to obtain and control the certificates. You pay for the investigation--not the certificate, so make sure that you have all of the documentation together before applying so that they investigation is successful.
The tutorial that follows is for Comodo, the vendor that I have used.
If you are using an Apple, computer, do all of this in Safari rather than Firefox or Chrome, even if those are your normal browsers. If you do this in Safari, it will automatically place the certificates in the Keychain where they are directly usable by the OS X email client. If you do this in Firefox or Chrome, the certificates may stay within the browser's keystore, in which case you will need to export them and import them into the keychain.
Similarly, if you are on Windows, do this under Internet Explorer, as it may place them directly in the Certificate Manager (same thing as Apple's keychain) without any intervention on your part. In either case, you will still need to make an off-computer back-up that is stored in an encrypted file.
- From the home screen, select "Sign Up Now" in the lower left corner
- Wait for the selection list for “Private Key Options” to appear before you start to enter your identification information. Unfortunately, the screen will paint without any indication that the key quality option will appear; while it is doing this, Firefox is generating a random number that it will use to generate a private key and then a “Certificate Request”. It will take Firefox a couple of minutes to generate the private key. If you proceed with entering your personal information, Comodo will come back with an error message that Firefox did not send a Certificate Request. Protect the private key and certificate as you would a password, and make sure to store a backup copy.
- Go to your email and click on the “Click and install Comodo Email Certificate” link.
- Firefox will automatically import the certificate into the Firefox Certificate Manager. If you use Windows Explorer, it will import it into the Windows Certificate Manager.
- It will install the certificate in your browser's keystore. For Safari on OS X, this is shared with the OS X email client--if you restart your email program, you can skip to Installing and using the S/MIME Certificate on Mac OS X Email Client.
- When you get back to the Control Panel, go to the Validations Wizard and validate all of your other email addresses.
- In Firefox, backup the certificates to a USB drive that you can store safely. It will prompt you for a password. Use a strong one. You will use this file to import certificates into Thunderbird, Outlook on your laptop, your iPhone or other devices that you use.
- Note that all subsequent illustrations show “StartCom” certificates. This article was originally written when StartCom was a reliable certificate vendor. In 2016, it was purchased by another vendor and issued some fraudulent certificates; it was subsequently removed as a Certificate Authority from most browsers and email clients. At some point I will go back and update all of these screen captures.
- If you use an OS X machine, you should back up your certificates to a USB drive that you can store safely. Use the keychain access program. You will need to select the private keys and certificates for each email address. In most areas, OS X is the easiest platform for S/MIME, but in this step, it is the hardest and most error prone. Select File->Export Items. It will prompt you for a filename and file type--take the default .p12 file type. When prompted, use a strong password.
- If you use Windows, you should back up your certificates to a USB drive that you can store safely. Use Internet Explorer or run certmgr.msc. The instructions that follow are for Internet Explorer.
- In Internet Explorer, select Options->Content->Certificates
- Next, select Export
- When it prompts, select "yes" to export the private key. It will require a password--use a strong one.
When you have finished generating and backup up your certificates and private keys, you are ready to copy install them on other computers or devices. The next sections show you how to install your certificates and private keys on other devices so that you can digitally sign and encrypt emails on all devices.
Installing and using the S/MIME Certificate on Thunderbird
Installing and signing email on Thunderbird requires installing your private key and certificates, assigning the certificate to use for each email account, and setting the default value for whether or not to digitally sign and/or encrypt each email.
Installing your Private Key and Certificates on Thunderbird
The first step in setting up Thunderbird is to install the certificates that you obtained in the previous step. To do this, go to Edit->Preferences->Advanced->Certificates. You will see a display something like the figure below. Select Import and go through the dialog to find the backup file with your certificate and private key from your USB drive. It will prompt you for the password to open the backup file and then it will import them to the list under "your certificates."
Setting the Certificate to use for Each Email Account
The next step is to go to each email account and select the certificate for that email account and set the defaults that you want to use as in the figure below. The whole point of this exercise is to authenticate your email, so go ahead and check the "Digitally sign messages" box.
If you check the encryption box, understand that it will only work for email recipients for whom you have a certificate--probably not very many people at this point in time. If you CC a bunch of people, you would need certificates for each of the people that you have cc'd. The email is stored unencrypted on your disk drive; the recipient may choose to store it encrypted or unencrypted.
Sending a Signed and/or Encrypted Email
Finally, we are ready to send a signed or encrypted email. Note that if you choose encryption, the sender, recipients and subject line are never encrypted...just the contents. The figure below shows the "send" dialog on Thunderbird--notice the S/MIME pulldown on the toolbar. To change whether or not the email is signed or encrypted, just click on one of the items in the pulldown. If you select "View Security Info" it will give you a dialog box with information on the certificates of the recipients.
Installing and using the S/MIME Certificate on Microsoft Outlook
To sign and encrypt email on Outlook, you must first install your private key and public certificate. In Outlook
- Go to File->Options->Trust Center->Trust Center Settings->Email Security. Put a check mark in the setting to digitally sign emails by default.
- Within Trust Center, go to E-Mail Security and select Import/Export and use the Browse button to locate the .p12 file; enter the password for the certificate backup file and a name. The name doesn't appear to need to match up to anything.
- Accept the default of "medium" for the access level for this private key and certificate. This will prompt you once for each certificate in the file, but it won't give you an indication of the certificate that it is importing.
- If you want to review the certificates that you imported, use enter certmgr.msc in Run Program.
Sending Signed Email
Sending signed email the first time will generate a couple of one-time only promopts. To start off, let's make sure that we have set the defaults:
- Start a new email and then go to File->Properties
- Select Security. The check box for digitally signed should be checked
- When you hit "send" you will get a very cryptic prompt to ask for access the private key that is needed to digitally sign (or encrypt) the email. Select "Allow."
Installing and using the S/MIME Certificate on Mac OS X Email Client
Installing your Private Key and S/MIME Certificate on Mac OS X
The first step in sending digitally signed email is to install your private key and certificate on Mac OS X. To do this, take the key backup file (.p12 file type) and select it from finder. It will prompt you for the password to the backup file. When you enter the password, it will automatically import your private key and certificate into your keychain (keystore) and bring up the Keychain Access application. You do not need to do anything more, though it may be interesting to see all of the keys and certificates in the keychain. If you look around, you will see both the certificate and the private key that you just installed for your email account. If you have received signed email previously, you will see the certificates from those senders.
Sending Signed Email
Since we installed our private key and certificate in the previous step, the "send mail" window changed--it will now have a lock icon and a check-mark icon immediately to the right of the signature selection control as shown in the figure below. The digital signature property is now selected by default but the lock icon will show as unlocked until we enter a recipient from whom we have a certificate.
If you change the signature property, it will stay unchecked for subsequent emails until you change it back to checked.When you send an email the first time after you install your key and certificates, the email client will ask for access to your "keystore." You will need to allow access, otherwise the email client will not be able to sign and/or encrypt the email.
Sending Encrypted Email
To send an encrypted email, enter the email recipient in the "To:" area, and select the lock icon. If it won't lock, that means that you don't have a certificate for this person, and you can't send them encypted email. If you do have a certificate, it will now lock (encrypt) for all email sent to that email address unless you unlock the icon.
It is important to remember that you must have a certificate from someone before you can send them encrypted email. When you receive a digitally signed email from someone, the Mac OS X client will automatically install their certificate in the keystore for you.
Installing and using the S/MIME Certificate on an iPhone
If you haven't already done so, you should make sure to set a lock password on your iPhone so that if you lose your device, your email isn't compromised. Similarly, make sure to set the remote wipe capability.
The hardest part in setting up an iPhone to send digitally signed and encrypted email is getting the certificate backup file onto the iPhone. Here are the steps to do this:
- Export each certificate as an individual backup file.
- Copy the files to the iPhone using one of two methods:
- Copy each certificate file to iCloud drive
- Email it (easy, but probably less secure)
- Select the file and follow the prompts to enter your iPhone lock code followed by the certificate backup password.
Once you have the certificates installed on your phone, you will need to go into settings to set up your email account to use it to send mail.
- Open settings and choose “Accounts and Passwords”.
- Select the account where you want to use the S/MIME certificate.
- Select the email account account again at the right arrow.
- On the account settings screen, open the “Advanced” settings.
- On the Advanced Settings screen, enable S/MIME and select “Sign”.
- On the digital signature screen, select the certificate that you want to use for this email account.
- Written by Bruce Moore
- Hits: 9902
Part 1: Verifying an Email Sender's Identity
Recently, someone hacked the Gmail account of "Susan", one of my wife's friends, and started sending emails with a link to a website that presumably would attempt to install malware on the recipient's phone or computer. My wife was suspicious of the email and replied asking if this was a really Susan. The response came back quickly...yes it was Susan and she should click on the link for the really cool photo. Still suspicious, my wife called Susan, who said that she did not send the email and was understandably apoplectic that someone else was in control of her Gmail account.
My wife sent a note to all of their mutual friends telling them about the compromised email and not to click on any of the links--Susan couldn't send the email, because she didn't have control of the account. A friend replied that she had almost been fooled, and was about to click on the link. Her antivirus software might, or might not have stopped the malware attack.
Receiving spoofed or hacked email from a trusted friend's email address is all to common today. How can you tell that your friend is actually the person that sent the email? Fortunately, there is a way to do this, but it isn't really used all that often. The article that follows will tell you how to set things up to tell whether or not the email you receive is from a trusted friend--if they take some steps on their side as well.
The article will cover setting up your email clients to receive Secure/Multipurpose Internet Mail Extensions (S/MIME). S/MIME is a protocol that allows a sender to digitally sign an email to authenticate themselves, and to allow you to send encrypted email to them. It is based upon the signer obtaining an SSL certificate from an authorized Certificate Authority (CA). To digitally authenticate the email that they send, your friends will have to obtain and install a certificate. To authenticate the email that you send, you will need to obtain and install a certificate. This article discusses how to receive S/MIME email. A separate article will discuss how you can send S/MIME email to authenticate the emails that you send and to allow others to encrypt emails sent to you.
The article covers the following topics:
- Choosing phone and email clients that support S/MIME
- Receiving a digitally signed email on an iPhone
- Receiving a digitally signed email on Thunderbird (Windows, Mac and Linux)
- Receiving a digitally signed email on Microsoft Outlook
- Receiving a digitally signed email email on OS X email client
- Receiving a digitally signed email on Firefox for a Gmail account
Choosing phone and email clients that support S/MIME
There are many email clients that support S/MIME, but the following are some of the popular clients that offer support
- Microsoft Outlook
- Gmail within Firefox with "Gmail S/MIME" or "Panango" add-on. Panango is also available for Microsoft Internet Explorer
The following popular email clients DO NOT at this writing support S/MIME email. This is not a comprehensive list.
- Gmail within Chrome/Chromium
Choosing a phone that supports S/MIME is easy--get an iPhone. align=center although there are corporate S/MIME email solutions available for Windows, Android and Blackberry, the iPhone is the only one with a convenient consumer solution. If someone knows of a client for these devices, please, please tell me.
On Android, Dgigzo, R2Mail2 and a few others offer consumer email solutions, but they aren't really all that convenient--you have to know a number of settings for you email server to get them working.
I haven't been able to find consumer S/MIME clients on Windows and Blackberry.
Receiving a Digitally Signed Email on an iPhone
Turning on S/MIME for an iPhone
Since my wife and many of her friends do most of their email on an iPhone, that is the first device that I'll cover. Surprisingly, you have to turn on a setting to receive S/MIME email--it isn't on by default.
For each email account on your iPhone, go to the Advanced settings and turn on S/MIME as in the screen capture below:
Notice that the Sign and Encrypt sliders are still turned off--we will turn those on in the article on setting up to authenticate the email that you send. For now, let's look at an email to figure out how to tell if it was digitally signed.
Receiving a Digitally Signed Email on an iPhone
In the email below notice that blue circle with the check-mark that you've never seen before, and which only shows up on some emails. This circle means that the email was digitally signed and that the iPhone client has verified the signature against the Certificate Authority. If your phone does not have a data connection when you open the email, or the signature is invalid, it will show up as red.
Since all of my email is digitally signed, my wife knows not to trust any from me that does not have the blue circle.
To find out more about the sender, select the sender's name to get the address book entry
Viewing a certificate, then installing it
From here, select "View Certificate" to look at the information on the certificate.
Installing a certificate...this allows you to send encrypted email to the person named on certificate
The "View Certificate" screen shows which Certificate Authority issued the certificate and whether or not it has been validated against the CA. For untrusted certificates, you can view the reason for the problem. You might accept a recently expired certificate, but you shouldn't do that as a standard practice. Email certificates are usually good for one year.
The next step is to install my certificate on my wife's phone so that she can send encrypted email to me if she wishes. Select "Install" and that's about it. If you send or recieve enctyped email, it is imperative that you have antivirus scanning software. Most email providers have some antivirus scanning capability in their servers, but these scanners cannot scan an encrypted email or attachment--that can only be done by antivirus software on the client after it decrypts the email.
View the certificate chain
If a certificate from someone that you normally trust shows up as untrusted, the most likely cause is an expired certificate. Most commonly, the person forgot to renew it and get a new one (you will have to install the new one), but sometimes it means that you are woefully out of date on your device software.
In the certificate chain below, You will notice that the Certificate Authority root certificate installed on the phone has an expiration date. Apple distributes updated root certificates as part of the IOS maintenance process. If you haven't applied maintenance in a long time, some of your root certificates may have expired. This will cause the email sender's certificate to show as untrusted even though it has not expired. Never, ever install a root certificate unless it is part of the normal maintenance stream for your device.
Receiving a Digitally Signed Email on Thunderbird (Windows, Mac and Linux)
Thunderbird is an old email client that runs on Windows, OS X and on Linux. To receive digitally signed email, you don't need to do anything. In the figure below, the small envelope with the red sealing wax in the email header indicates that this email was digitally signed. If you click on the envelope icon, it will give you information about the certificate.
Receiving a Digitally Signed Email on Outlook
In Microsoft Outlook, the red ribbon in the email header indicates that the email was digitally signed. Clicking on the ribbon icon will give you information about the certificate.
Receiving a Digitally Signed Email on OS X Email Client
In the Apple OS X 10.9 email client, there is no default display of whether or not an email was signed.
To find out if the email was signed, you must select the "Details" text in blue, which will display the certificate information shown below. Once you turn on the details display, it will stay on for reading other emails.
Receiving a Digitally Signed Email on Firefox for a Gmail Account
The first step in using S/MIME to sign or encrypt Gmail using a browser is to install a browser and extension that supports S/MIME signing and encryption. At this writing, Chrome doesn't have add-ons or otherwise offer the support for S/MIME certificates. On Firefox, the Gmail S/MIME and Panango add-ons provide S/MIME support, but I was not able to get either one to work on Firefox 28.0 on Ubuntu Linux. Panango is available for Microsoft Internet Explorer, but I have not attempted to use this configuration.
The preferences for S/MIME and Panango are needed for sending email but not for receiving it.
Sending Digitally Signed Email
To send digitally signed email, go to the next article in this series Email Security Part 2: Digitally Signing your Email
- Written by Bruce Moore
- Hits: 12890
The February 22, 2014 DFW R User Group presentation will survey the graphics capabilities in R. The presentation covers
- gnuplot (not part of R, but a useful graphics tool that everyone should know).
- Basic R plot command
- ggplot2 graphics package
- lattice graphics package
- rgl visualization package
- qrencode for generating two dimensional bar codes (not part of R, but very helpful)
- Imagemagick graphic file conversion utility (not part of R, but very helpful)
The emphasis will be on doing basic plots in each tool and then discussing which tool to use for a particular graphics task.
The presentation file is available at here. Because the presentation includes a lot of graphics, it is about 6M.
- Written by Bruce Moore
- Hits: 2347