How to Get a Verified Email Badge
intro
Have you ever looked at those influencers who think they're so cool with their verified Twitter and Instagram badges? Me too.. Me too... * Bruh Sound Effect #2 * But there is one verified badge anyone can get, but counter-intuitively virtually no one has. And that is for your Email account. Yes it's actually a thing, you can see here I did it for my generic test email account which is nothing special, and in Apple Mail it shows an actual check mark, in Gmail it shows a green check, and in Outlook it shows this ribbon badge. And yes of course, the whole point of this video is that I'm going to show you how to get it yourself. And by the way, no, this is not any kind of dumb trick like putting some emoji next to your account name, it's a legit special badge. And it's free, mind you. Now, don't be intimidated by the video length, it will be worth it, and I'll put timestamps in the description if you need to come back to different instructions, but also don't just skip ahead because I need to explain some context first that you'll want to know, like what the heck this badge is even for and why it
what does it mean?
Now I can hear some of your questions already like, "wait a minute, if anyone can get one of these, why is it so rare?" Well the answer is because it's usually a pain in the --- to set up if you don't know what you're doing, which by the end of the video you will. You see these 'verified' badges in the email software are not actually like verified badges on social media. But rather they signify that an email has been sent with a certain security protocol called "S/MIME", which is a feature supported by almost all email clients. And I guess it's just rarely used because this level of security is just not really necessary. However, I think once people realize that you can get a super rare badge appearing next to your emails, that might get people's attention. What's really funny is the S/MIME protocol has been around since around 2004. But despite that, I have literally only seen it used ONCE, which was an email from some crypto exchange marketing email. And it had a badge in Apple Mail and immediately my reaction was just... what. is. that. I had never seen it before. So I saw that when you click on the thing with the badge, it says "The sender signed this message with a trusted certificate", and I also looked in the Gmail web interface which said something similar, so I knew it wasn't just an Apple thing. And long story short, after quite a bit of digging, I figured out that it uses that S/MIME protocol I already mentioned, and specifically you need - tech jargon warning - an S/MIME Email Certificate from a Root Certificate Authority, sometimes just called an "email certificate".
minimum requirement needed?
And to answer a few more quick things you're probably wondering: It should not matter what service you use for email, whether Gmail, Verizon, AT&T, Comcast, whatever. Instead what matters is the email client software, such as Outlook, or Apple Mail, whatever. Most web interfaces for email services like Gmail do not actually let you add certificates to emails when sending, but if you use Outlook for example to send through Gmail it will work. Another thing I'll point out is the person on the other end does NOT need to do anything special for the badge to show up, this is supported by default by almost all email clients. Again it will be presented differently depending on the client, but considering Apple Mail alone on iOS, iPad, and Mac makes up over 50% of the email client market share, most people will see some kind of badge like this one.
S/MIME EXPLAINED
Now before I get into how to get one of these certificates and how to set it up, let me quickly and simply explain what it even is, without getting too technical. And yes, it is important to know so just bear with me. In the simplest terms possible, an email certificate is like a two-part digital key (made of a public and a private key) that is tied to your email address. You can use the certificate to 'sign' your emails in such a way, that the person receiving the email KNOWS that only the person with that original certificate and private key could have done so. The purpose of the public key is to send along basically as an identifier, you can think of it as. But here's the other important part of this. You see, anyone can just create their own certificate and say "uh yea I own this email address". That's where the Certificate Authorities come in. These are companies that make all sorts of other certificates like SSL ones for encrypting websites. There are only a handful of these companies relatively speaking, and all of them are universally considered trustworthy and secure by every other company around the world. So what these companies do, is they have their own secret so-called "root" certificates, again that are universally recognized, and they can use to sign and verify all sorts of other lesser certificates for anyone who wants one, usually for a price though. So in the context of this video, a really easy way to understand it, is what happens is we go to a certificate authority, who first confirms we control some email address like "whatever@example.com". Then they issue a signed certificate, so that when we send it along with our emails, then Apple, or Gmail, or whatever service sees it, they'll say "ah an email from whatever@example.com, oh what's this? It included a certificate, well it matches the email address, but that doesn't mean much, anyone could have made this...
Oh wait I see the certificate was signed by XYZ authority who I do trust..." Then they'll check, "hey XYZ authority, did you actually sign this certificate?" to which they'll respond "yea I did it's legit, before I gave them that certificate I made sure they own that email address." And then, the email service will be like 'cool' and show the badge that it was a trusted certificate. And just a contrary example, if you were to just send along some random certificate you made yourself, it would look like this on the other hand, because even though it matches the email, the software has no idea where it came from, so it's basically useless.
ABOUT EMAIL CERTIFICATE IN DETAIL
Alright so now you know what's going on, let's go over how to do it. I will warn you, this is going to get somewhat technical at times. It's not hard per-se once you know the steps, but you'll soon see why I wanted to explain all the certificate stuff before, because it will make it easier to follow along if you sort of know what's going on at each step. And think of it this way, maybe it's not a bad thing that it's not easy, because it makes it more exclusive for you. Right, so the first thing we need is to get an S/MIME Email certificate from a trusted authority. Years ago there were plenty of them offering these certificates for free, so if you were to now search "free S/MIME email certificates" you'll mostly find older articles, and even an old web page from Comodo who used to offer them, the page is still there, but the links on it are dead and they no longer offer these. And most of the articles and posts I've been reading recently were all saying there is no way to get free certificates anymore, but that is not true. I was able to find the last certificate authority that is offering free S/MIME certificates, and that company is called Actalis. They're an Italian certificate authority, but it doesn't matter where they're based, because they're recognized as a root authority globally, that's the whole point. And you can see even on Google's support page listing trusted certificates for S/MIME, there they are. And real quick by the way, the reason I emphasized that they're the last one, is if this video becomes popular enough and a ton of demand appears for these certificates, there's nothing guaranteeing they won't start charging in the future, in which case you'd just have to instead go to the company of your choice and buy one. These certificates really aren't expensive anyway, other authorities offer them for only about $20 per year, but still.
So if you ever need some business services this Actalis company offers, give them a shot. This isn't sponsored or anything, I think we should just support companies that do things we like, like offering free certificates when no one else will. OK... with all that being said..
WALKTHROUGH
I mean jeeze how long are we into this video and I'm only now starting the walkthrough. Well just think of it as filtering out the lazy people, so it's more exclusive for you patient viewers.
ACQUIRING THE FREE EMAIL CERTIFICATE
So now the first thing to do is to get the certificate. So go to Actalis' page where you'll enter your email you want to verify, which I'll put in the description. You just type in your email, prove you're not a robot, and click send the verification email. After a couple minutes you should receive it, but be sure to check your spam box too, it went in there for one of mine. Now at first you'll see in the email that it's all in Italian, but just scroll down because they included the same text in English too. Though all you need is the long verification code anyway, so just copy that, and paste it into the box back on the first page. Then you should obviously read the different terms and conditions, and if you agree, check those boxes and click Submit Request. Next, this is critically important, it will now take you to a page with a password, which you'll need to install the certificates on your devices. This password won't be shown to you ever again and can't be recovered, so make sure you save that in a safe place, maybe print it out, we will need it shortly. But don't just leave it lying around on your desktop either. Because if someone somehow gets hold of your certificate file we'll look at in a second, they could use the password and that together to impersonate your email address. Next you can go to your email and wait for the email with your new certificate attached. Now this certificate will be valid for 1 year, and then you'll have to get a new one. 1 year might not seem that long but actually it's pretty good. Even if you were to buy one somewhere, they usually max out at 3 years, and a lot of other free ones used to be for like 30 days. Also you actually don't want it to be valid forever, because if somehow it got stolen, someone could just impersonate you forever until you realize it, or they could save it and use it years down the line at the perfect or worst opportunity.
Whereas if it expires, even if the worst happens and someone is able to steal it, it's only useful to any bad guys for a limited time. However if you do find out it's stolen, you can actually report it stolen and they can invalidate it so it can't be used anymore. To do that you just use the link in the email along with the User code and Private code listed there. So download the zip file and extract the pfx certificate file somewhere you'll remember, and actually give it its own folder, it will make things easier later. You should also probably back it up, but since it's only valid for 1 year, as long as your email service saves your emails at least a year, you could always just redownload the attachment. But again, you will need that password shown to you before.
INSTALLING THE CERTIFICATE
So now that you have your certificate, next we need to install it on our devices. First I'm gonna do it on Windows and Outlook, and then on your iOS or Mac for Apple Mail, since those are by far the most popular clients. Unfortunately the Gmail web client does not let you attach a certificate to get this verified thing. To be clear again though, that's just the Gmail web interface, if you have a Gmail email address it's fine, you just have to send the email with supporting software like Outlook or Apple Mail or something. Alright now no matter what email client you're gonna use, even if you just want to use this on your phone, you'll still need to install this on Windows first, and I'll show you why in a second. To install it, just double click the pfx file you downloaded, and select 'current user', then click next. Here it will already have the file location entered so you can click next again, and here is where you need to enter the certificate password, which is the one from that page. On the import options, the only one you might want to change, if you want to change the password later, is to check the box to enable "Mark this key as exportable". I'm not going to get into how to re-export the key and all that, that's something you can look up by yourself. And that's because as the file is delivered here, it should work on all the devices. You might also choose the option that makes you enter the password every time you want to use it, but that might be a pain, so it's up to you, I didn't bother. Also I want to be clear the settings you choose are only going to apply on this Windows computer, it's not changing the certificate file in any way, it's just importing it into Windows with these settings. On the next page, just let it automatically select the certificate store, hit next, then finish, and it should say import was successful.
EXPORTING INTERMEDIATE CERTIFICATE
Next, before we configure our email clients, there is one more important step that might be necessary for certain software, which is to get the intermediate certificates for the authority, but don't worry it's way easier than it sounds. In the start menu just type "certificate" and click the result called "Manage User Certificates". There's another one called "manage computer certificates", but that's different, the one we're looking for is not going to show up in there. Now this will bring up a window showing any other certificates for the user, which there are many for all sorts of purposes, but we want to go to "Personal", then "Certificates", and look for the one that has our email address. If for some reason there's others in there that mention your email address, just look for the one that says issued by Actalis, and also the expiration date is exactly 1 year from today when you registered it, plus or minus a day because of time zones. So double click the correct certificate and then go to the "Certification Path" tab. This shows basically the 'chain of custody' (you can think of it) of signatures on your certificate, leading back to the root authority. Ours is at the bottom, which was actually signed by an intermediate certificate, which was in turn signed by the root certificate. And yes this will become relevant, it wasn't a useless tangent, but for now we need to actually export the intermediate certificate for later, you'll see why then. So click to highlight the middle one, then click 'View Certificate', and go to the 'Details' tab. And also drag this window to the side a bit so it's not on top of the other one, you'll want to be able to read off the bottom one. So in this new window, click 'Copy to File', then click Next, then keep the default format and click next again, and it will ask you where to save it. Just browse to wherever you have the main pfx file and put it in the same place just so they're together, that's why I suggested to give it its own folder.
And for the name, you can just read off the window below and name the file the same as the certificate to make it easy. Then just hit next, then finish, and it will say successful. Now this next bit probably isn't actually necessary, but I would just do it anyway, which is to do the same thing and export the root certificate also, which is the top one in the chain. Then just put it in the folder with the other two and name it as the root name. That way you have a copy of the whole chain just in case, but you'll realistically only need the middle one and your personal one. Alright now we're getting to the good part. At this point we have all the certificates ready to go and organized, so we can actually get into actually configuring the different software to send those emails. So now let's configure Outlook to send signed emails. And I'm using Office 365 Outlook specifically, which is the latest version but it should be basically the same for Outlook 2019 and 2016. If you use Outlook for Web, you can just look up the specific instructions for that from Microsoft, I do believe that still supports it
SETTING UP OUTLOOK
Alright so in Outlook I'm assuming you already connected Outlook to your email account so you can send emails from Outlook and stuff like that. After you do that, go to the top left and click File > "Options" at the bottom > Trust Center > "Trust Center Settings" button > Email Security. The first thing to do is go through a few checkbox options. Here, make sure you DO check "Send clear text signed message when sending signed messages". This basically makes it like a regular email, we just send the signature along with it, so if the recipient's client for some reason doesn't support S/MIME protocol, it's no big deal, they'll still be able to read it. Finally, if you want to enable signing emails automatically by default, at least for email addresses that have certificates, you can check "Add digital signatures to outgoing messages", but I would hold off on that for now until you've tested it out and made sure everything works first. Now what we need to do is click the settings button here. The window it pops up will probably be all blank the first time, but if it's not, such as if you're doing this for multiple emails, or maybe there's some other existing security policy in there, if there is, be sure to first click "New", which will create a new separate entry we can use. And in that case, if there was an existing one and you click New, the previous entry will be still available through the dropdown. Otherwise if you don't click new and just start changing stuff, it would overwrite your existing entry, which you don't want. In any case though, once you have a new blank entry, type in a name to make it easy to identify, like your email address then "email certificate" or something like that. Then uncheck the top checkbox talking about default security setting. We don't want these as default, just for their corresponding email accounts. Now, next to where it says 'Signing Certificate', click choose.
This will bring up a window to select the certificate, you might have to click "more choices", but just look for the same certificate we've been using, which has your email address in it. Because we installed it to our Windows profile, it should be right in there, so click to select the right one, make sure the info at the top is for the correct one, and then click OK. Ok this next bit is important so pay attention. You'll see it has filled in the rest of the boxes, but where it says "hash algorithm", we need to change that to "SHA256". If you keep it on SHA1, which is an outdated algorithm, it will work for some email software like Apple Mail, but for others it might not. In Gmail for example if you use SHA1, it will say "The signature uses an unsupported algorithm. The digital signature is not valid". Which is obviously not good, so make sure these are set to SHA256 and AES 256 Bit. Finally, make sure the bottom check box is enabled, the one talking about sending the certificates. I think it is on by default, just double check. Now we can just click OK on all the windows to go back down, and we are finally ready to test it out! So go to your inbox, click New Email, just make sure it's from the right one we just set up. Then add whatever text to the subject and body, this is just going to be a test email to yourself or another email account you have. But before you click send, we have to choose to sign it. This can be found at the top in the "Options" tab, then look for the "Sign" icon that looks like this ribbon. When you click it, it will darken to show it's enabled, and you're ready to send! Before the moment of truth, a couple notes here. If you want to add the Sign button to the main tab for easier access like I did here, just right click the ribbon menu and hit "customize ribbon", then on the right, click "New Group" to make a custom group, name it what you want, then on the left, just go to the dropdown to All Commands and scroll down to where you see the Sign icon.
Now I have a second orange one which some other software added as a plugin, just ignore that. So just make sure the custom group is selected on the right, then click the 'Sign' icon on the left, and hit "Add", then OK. Now it should be right there always easily accessible on the main tab. Second note, you will have to remember to click and enable the 'sign' button for every email you send. You can go back to that other setting I showed you before, which will make it enabled by default, then if that's enabled, you can individually select when not to sign. Third note, if you do set up multiple certificates with multiple emails, Outlook will automatically sign the emails with the correct one for that address, so you don't have to pick which certificate to use every time, it does it automatically. And now with that being said, we can click 'Send' and see what happens. If you sent it to yourself, you'll probably see it show up right in Outlook, and it will have a similar looking ribbon to the right of it. If it's a Gmail address, you can also look at the Gmail web interface and make sure it shows up right there too, with the green check. Although unfortunately you have to click the dropdown to see the green check, but whatever, better than nothing. And you can also look on your phone, like Apple Mail, and there it should show the check all good. It's also good to check it on your phone because you can be sure it shows up on devices even without any extra certificates installed yet, so you know it will show on everyone else's too. Note that on iPhone it will say it was signed with a trusted certificate, but if you click "view certificate" it will actually say "Not Trusted". That's not a problem, that just means you personally have not installed that certificate on the phone, but obviously it's still signed by a trusted root certificate so it got the check mark and everything.
What that feature is basically if you and your friend or someone created your own certificates, you can choose to trust them even if they weren't signed by an authority.
INSTALLING CERTIFICATE IN IOS DEVICE
Alright now let's move on to setting this up on an iOS device which should not take as long, we already did most of the legwork at the computer. To get the certificates to your phone, the easiest thing to do is email them to yourself. So take all three from the folder, and attach them to an email to yourself, then just open the email on your iPhone. First we can install the personal certificate simply by clicking the attachment, and then just choose to install it on the iPhone. Then you need to go into the Settings app, and near the top you'll see a new thing that says "Profile Downloaded", so click into that. It should say something like "Identity Certificate", and will probably say "not signed" in red, which is fine we'll fix that. So just click Install, then type in your passcode. Click install again at the top, and then install yet again at the bottom. And now it will ask you for that password from before, so type that in. Then you click Next, and it will say "Profile Installed", so click Done. We're not done yet, but you can find the installed certificates or profiles on iOS, if you go to Settings > General > Profiles. In here notice how if you click into the profile we just installed, it says "Not Verified". That's because for some dumb reason, the iPhone doesn't fetch the intermediate certificate, whereas Windows did, so we didn't have to worry about it before. If you were to try and send an email now without installing the intermediate certificate, it would actually show up to the other person like this, all in red, with a thing that says "Untrusted Signature", not a good look, that's worse than nothing at all. The solution is really easy though, just go back to the email with the attachments, and click the attachment for the intermediate certificate, which is probably called "Actalis Client Authentication CA G3" or whatever you called it, and do the same thing as before.
Click it, install it to the iPhone, go to settings, install it from the 'profile downloaded' thing at the top, and it should not require any kind of password because this is a public certificate. You'll also notice that this one will probably say "Verified" in green unlike the other one that's red, and that's because this one was actually signed by the root certificate directly, which is preinstalled on basically every device, because it's a root, that's the point. And also, now that this one is installed, if you go into your personal certificate profile again, this time it should indeed say "Verified" in green, because now the phone has the whole chain, so it can verify it originally came from the root certificate. One quick important question you might have, is "wait a minute, if I had to install the intermediate certificate to make it show up as trusted, won't anyone I send an email to have to do that too on their phone?" and the answer is no. As long as you, the sender, have the whole chain installed, the phone sends the whole chain along with it in the email, so it doesn't matter if it's installed on the receiving device. So yes, it is stupid that the phone couldn't get the intermediate certificate automatically when you installed it, when Windows can, but whatever. I'll also point out that I believe all of these free certificates issued by Actalis have the same intermediate certificate, you should only have to install that one once on your phone, even if you add more personal certificates for more email addresses. Of course you'll want to double check that. Also like I've said a couple times, you really should not have to install the third root certificate, but it's still good to check anyway.
ENABLING SIGNING ON IOS DEVICE IPHONE
Alright so now that the certificates are installed, there's one more step, which is to enable the signing on outgoing emails. To do that, go back to Settings > Mail > Accounts > Click the relevant one you're setting up > Click 'Account' again > Then 'Advanced'. Here near the bottom you'll see some options under S/MIME. Click on 'Sign', and make sure you select the correct certificate for the email address if there are multiple certificate options there. Then toggle the thing to enable signing, and now it should say 'Yes' in the previous one next to sign. Also make sure that next to 'Encrypt by Default' that says No. We do not want that for our purposes and it might not work at all depending on the recipient's device. Finally I would just go into your other email accounts and make sure it didn't for some reason enable Signing for any other ones besides the one we just did. It shouldn't have, but just check a couple to make sure they say No. And now, we are again ready for the moment of truth. So go back to the Mail app, go into the relevant email account, compose an email and just send it to yourself, and it should come through and have a check mark next to it.
WHY WE MUST ALWAYS TEST
And here's another thing, every time you set up a certificate on a new device, make sure you send a test email AND look at the test email on all your other devices. That way you can make sure nothing went wrong either on the sending side, or any receiving sides. The example I gave before, was in Outlook, I had the wrong hash algorithm set, and while it showed up fine in Apple Mail (it didn't care about the outdated algorithm), in Gmail it did give that error, so just check everywhere to be sure.
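The checks a receiving client makes on those test emails can be reproduced offline with the openssl command line. This is an added example, not something shown in the video: it builds a throwaway root, intermediate and email certificate (all names and keys constructed, not Actalis' chain), signs a message with and without the intermediate attached and with a self-made certificate, verifies each against the root only, and reads the digest algorithm from the message header.

```shell
#!/bin/sh
# Added example. Every key and certificate here is constructed and thrown
# away; none of it is Actalis' real chain.
WORK=$(mktemp -d)
ADDR="whatever@example.com"   # placeholder address used in the explanation

# Minimal config so `openssl req` does not depend on the system openssl.cnf.
printf '[req]\ndistinguished_name=dn\n[dn]\nCN=unused\n' > "$WORK/req.cnf"

CA_EXT='basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign'
LEAF_EXT="basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=emailProtection
subjectAltName=email:$ADDR"

# new_cert NAME SUBJECT EXTENSIONS [ISSUER]
# Writes $WORK/NAME.key and $WORK/NAME.crt; self-signed when ISSUER is omitted.
new_cert() {
    printf '%s\n' "$3" > "$WORK/$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" -subj "$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null || return 1
    if [ -n "${4:-}" ]; then
        openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$1.ext" \
            -CA "$WORK/$4.crt" -CAkey "$WORK/$4.key" -CAcreateserial \
            -out "$WORK/$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$1.ext" \
            -signkey "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
    fi
}

# sign_msg SIGNER OUTFILE [CHAINFILE]
# Clear-text (detached) S/MIME signature with SHA-256; CHAINFILE holds extra
# certificates to send along, i.e. the intermediate.
sign_msg() {
    if [ -n "${3:-}" ]; then
        openssl smime -sign -md sha256 -in "$WORK/body.txt" -out "$2" \
            -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -certfile "$3" 2>/dev/null
    else
        openssl smime -sign -md sha256 -in "$WORK/body.txt" -out "$2" \
            -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
    fi
}

# verify_msg FILE: succeeds only if the signature is valid and the signer's
# certificate chains to the constructed root, the only CA trusted here.
verify_msg() {
    openssl smime -verify -in "$1" -CAfile "$WORK/root.crt" -out /dev/null 2>/dev/null
}

# digest_of FILE: the micalg parameter of the multipart/signed header.
digest_of() {
    sed -n 's/.*micalg="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

printf 'Constructed test message\n' > "$WORK/body.txt"
new_cert root     "/CN=Constructed Root CA"         "$CA_EXT"
new_cert inter    "/CN=Constructed Intermediate CA" "$CA_EXT" root
new_cert leaf     "/CN=$ADDR"                       "$LEAF_EXT" inter
new_cert selfmade "/CN=$ADDR"                       "$LEAF_EXT"

sign_msg leaf     "$WORK/full.eml" "$WORK/inter.crt"  # whole chain sent along
sign_msg leaf     "$WORK/nochain.eml"                 # intermediate missing
sign_msg selfmade "$WORK/selfmade.eml"                # certificate made by hand

for m in full nochain selfmade; do
    if verify_msg "$WORK/$m.eml"; then r="trusted"; else r="NOT trusted"; fi
    echo "$m: $r (digest $(digest_of "$WORK/$m.eml"))"
done
```

The `nochain` case is the phone without the intermediate installed, and `selfmade` is the certificate anyone could have made for the same address.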
INSTALLING CERTIFICATE ON MACOS
Because we just set it up on iPhone, I will point out that on Mac the process is basically the same, you just open the email with the certificates, then you choose to install it to "Sign In", not iCloud like it has by default. For some reason for me it won't work with iCloud. However, for me, my Mac actually did sync the certificates from my phone to my Mac automatically, so you might not even need to install them, you can check. Once they're installed on your Mac, now when you go to compose an email, by default you'll see a verification badge on the right next to the subject line to show it will be signed, which you can click to disable if you want.
INSTALLING CERTIFICATE ON ANDROID
If you're on an Android device it should really be a similar process to iPhone, where generally you just open the attachments for the certificates, click them to install them, then it's just a matter of whether your email app will support it. And of course no matter what email app you're using, you can just look up the instructions for how to enable signing. And like I said, I don't believe Gmail supports sending with S/MIME either on Desktop interface, or the Gmail mobile apps.
MANAGED WORK ACCOUNT
So now that you know how to get the badge set up on your email accounts, the last thing I want to point out is that if you do this on a work email account or work computer, I'm not totally sure if this will work all the time. For example, if your email is managed through an Azure Directory or something like that, they might have Microsoft Outlook set on all computers to disable those S/MIME settings. At the same time, you might still be able to do it on your phone even if it's a work email. I really have no idea whether that's something companies can restrict, but I'm just pointing it out as a possibility, because I do know some companies actually use S/MIME internally. Anyway though, hopefully now all of you learned something new. And I bet at least a few of you are going to get some questions by people about how you got that cool checkmark next to your email. Be sure to give this video a like and also subscribe because I make new videos every week, and let me know what you think in the comments. If you want to keep watching, the next video I'd recommend is basically my ultimate guide to spotting spoofed and fake emails to a ridiculous level of detail, you'll never fall for a fake email again (or have to worry about it). You can just click that right there. So thanks for watching, and I'll see you in the next one.
