We still dedicate a lot of our time to security during the development and upgrades of AdSigner. Because using our mail servers as proxies to equip emails with signatures opens up high security risks, including man-in-the-middle attacks, we decided to go with a different approach.
Using our SMTP server to inspect the content of emails and inserting signatures would be a very convenient way of doing it. However, it exposes a high risk for AdSigner to be used as an attack vector for malicious hackers. It also gives no control to our customers and requires a strong trust in our service to hand us all their emails on a plate.
While a lot of our competition handles signature insertion in the way described above, we managed to come up with a better, safer solution. Instead of inspecting email content to see where we need to insert the generated signature, AdSigner generates an HTML code from the templates, which users easily insert into emails themselves. This way, users have all the control over signatures, and our service never sees their email content.