Posted on

Flora Posidonia now offers secured e-mail receipts!

Earlier this week, Flora Posidonia added secured e-mail receipts to our online store. This feature is free, and it’s immediately available to all our existing and future customers. Secured e-mail receipts are an extremely powerful way to further protect your order details and can even be used to follow up with us on your order’s pickup schedule or other needs privately. We use this feature ourselves whenever you send us a message via our contact page, and we hope you’ll enjoy using the feature, too.

Learn how to set yourself up with secured e-mail receipts on Flora Posidonia, or read the rest of this post for more information about the e-mail security features we now offer.

What is a secured e-mail receipt?

A secured e-mail receipt is just like a regular order confirmation e-mail such as the ones you may already have in your inbox, but it includes an additional signature that cannot be easily forged. This means that after opting-in to receive secured e-mail receipts from us by enabling the “Email security” options in your Flora Posidonia account details, you’ll be able to verify that the e-mails in your inbox claiming to be from Flora Posidonia really came from here, and not someone pretending to be us. When these authentication signatures are added to e-mails, we say that the e-mail has been “cryptographically signed,” or sometimes that you received a “signed e-mail.”

Signed e-mails look differently depending on the e-mail software you are using. On macOS, using Apple’s Mail app, they look something like this:

Screenshot of Apple's Mail app displaying a signed e-mail.

But secured e-mail receipts can do more than just protect you from scammers in your inbox sending you faked e-mail. They can also hide your order details from everyone except you and us by encrypting (hiding) the e-mail content itself so that only you can read it. These are simply called “encrypted e-mails.” An encrypted e-mail will look like gibberish everywhere except on one of the devices you own, like your laptop or mobile phone.

The technology underpinning this is rather modestly called “Pretty Good Privacy,” or “PGP” for short. It also goes by another name, the “GNU Privacy Guard,” or “GPG” for short. We’ll use the terms “PGP” and “GPG” more or less interchangably on this blog, but pedants will surely note that these acronyms are also the names of two different software programs that offer equivalent functionality. You can use your choice of compatible software, of which there are many more options than these two.

Taken together, signing and encrypting the e-mails we send you means the order receipts you have in your inbox cannot be read by the likes of Google, Inc, even if you’re using GMail, and cannot be faked by scammers targeting you or, perhaps more likely, one of your friends. To actually perform the verification or decryption, however, you’ll need to add and use an add-on to your browser such as Mailvelope if you’re using webmail (like GMail), or a plugin to your e-mail software, like GPGTools for macOS or GPG4Win if you’re using a Windows computer. Don’t worry, we’ll also help you get set up!

Why secure e-mail receipts?

You may already know to look for the green padlock icon in your web browser’s address or location bar whenever you’re shopping online. This is the ubiquitous symbol for HTTPS, the secured version of otherwise unprotected web pages. On e-commerce sites, checkout forms regularly ask for your credit card number, which is certainly information you’d like to remain private between you and the seller you’re buying from. But without that lock icon, you have no guarantee that your credit card information is being sent to the seller you think it is, instead of (or in addition to!) someone else.

So, you check the address bar, see the green lock, and press the “buy now” button. But what happens next? Well, pretty much every online store will e-mail you a receipt, and in that receipt are some of the same details that you just carefully protected the privacy of in your web browser. These receipts often contain a full readout of exactly what you bought, how much money you spent, and so on. Sometimes these e-mails even include very personal information, such as your shipping address.

By securing the e-mail receipt, all this information stays private. Your order information stays private when you shop at Flora Posidonia thanks to HTTPS (for which we’re proud of our A grade when you test our HTTPS implementation), and after you opt-in to receive secured e-mail receipts, your order information also stays private when your confirmation arrives at your inbox. No one needs to know that you bought our heavy sleep tincture to help you sleep at night except you. Well, and us, of course. But definitely not Google, y’know?

Free software powers our secured e-mail feature

Flora Posidonia’s secured e-mail receipts feature is possible thanks, in part, to a truly awesome WordPress plugin not-so-subtly called WP PGP Encrypted Emails. Its developer recently added integration with WooCommerce, which is a critical piece of software on which Flora Posidonia’s storefront runs (woo-hoo)!

And by “free software,” we mean that the WP PGP Encrypted Emails plugin offers a completely free version of software whose alternatives cost anywhere from $200 to $400 per user. Worse, some commercial point-of-sale systems are both expensive and then still post your transaction receipts on the public Internet for anyone who’s curious enough to find. For a small shop like us, free software is the difference between being able to protect our customers (and our own business!) or simply not having access to the privacy and security features available to more wealthy corporations.

At Flora Posidonia, we feel that being safe, healthy, and respectful of one another’s privacy should be fervently supported, so we encourage you to help out the WP PGP Encrypted Emails author by donating to support their work.

How to opt-in to secured e-mail receipts from Flora Posidonia

By creating a Flora Posidonia account, you’ll be able to edit your profile information and account details. This allows you to view your order history, edit your saved billing addresses, change your e-mail address or password, and more.

Now you’ll also find a new section on your account details page called “Email security.” It looks like this:

Screenshot of Flora Posidonia's "Email security" account details section

At the top of the Email security section is a checkbox labelled “Receive OpenPGP-signed e-mails.” Simply tick the box, scroll to the bottom of the screen, and press the “Save Changes” button. The next e-mail we send you will include our digital signature, offering you the same state of the art anti-spoofing/anti-scam features that multinational corporations like Apple, Inc. use in their highest-security communiques.

If you’d also like the added benefit of e-mail privacy, you can also paste an OpenPGP public key or S/MIME public certificate—the equivalent of a digital lock that only you can open—into the relevant field on the same page:

Screenshot of Flora Posidonia's "Email security" account details section

When you give us your OpenPGP public key (that is, your digital lock), we’ll use it to encrypt (that is, lock) all the e-mails we send you, so that only you can read them. Not even your e-mail provider, like Google, will be able to see what you’ve ordered from us, or when and where you’re picking it up. Of course, in order to read the encrypted e-mails yourself, you’ll need to use a browser add-on or some other software that can use your OpenPGP private key to decrypt the message that we’ve encrypted to your public key.

Don’t worry if this sounds complex. There are many fantastic guides about how to use this technology online. Moreover, on your next order pickup, we’ll even help you get set up, one-on-one and in person! 🙂

We’ll help you get set up!

Adding cryptographic confidentiality, privacy, and security guarantees to our e-mailed receipts was remarkably easy thanks to the WP PGP Encrypted Emails plugin for WordPress, and all the great OpenPGP-compatible free software written by the larger Free Software community. And since it was so easy for us, we want to make it even easier for you.

Whether you’re picking up an order, or if you’re looking for help securing your e-mail receipts before your next order, ask us for help securing your e-mail receipts. As always, please use our secured contact form to contact us with any questions.

In the mean time, you can also check out the helpful resources below to learn more about OpenPGP-compatible encryption, signing, and the plugin that Flora Posidonia now happily uses.

Finally, please do donate to the author of this plugin. It’s so important to keep projects like this one available to all.