Secure Emails in XML Format Using Web Services

Cryptographically signed email has been widely used to provide the end-to-end authentication, integrity and non-repudiation. PGP mail and S/MIME have the significant drawback that the headers are unauthentic. DKIM protects specified headers, however, only between the sending server and the receiver. These lead to possible impersonation attacks and profiling of the email communication, and encourage spam and phishing activities. Furthermore, none of the currently available security mechanisms supports signature generation over partial email content by distinct signers, which might be useful in commercial scenarios. In order to handle these problems we suggest a new approach which can be considered as an advanced email security mechanism based on the popular XML technology. Our approach supersedes currently available email security standards in the sense of the higher flexibility and security, and can be transported via Web Services easily.