Is there a way to prove that a communication sent by e-mail or other means comes from the person in control of a website?
I'm talking about something fairly simple. Google, for instance, when validating a website for Webmaster Tools or a domain for Google Apps, will ask you to put a code that they supply you into a text file located in the root directory of the website. But what I'm interested in is something that an ordinary, casual computer user could do upon receipt of an e-mail from a website operator to verify its provenance. The website owner may not have control of the domain itself or power to send e-mail from a domain address.
I've been reading up on PGP, but my head is spinning. But for instance, is this scenario possible?
- A long key code is published on the website.
- In an e-mail another, different long key code is included.
- O.K., now I'm starting to get confused.
I guess what I'm thinking of is that a recipient of a readable, plaintext message could somehow check something contained in the message against something on the website (maybe via an online web app, not any complex software that they would have to install), and they could be confident that the message came from the person in control of the website.
Ideally, this solution would be free as in beer and would not require the website owner to compromise his privacy or anonymity.
Specific recommendations of web apps or Macintosh (or Windows) apps or open source website development tools would be appreciated.
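The scenario sketched in the question (one long code published on the website, a different one travelling with the e-mail) is a public key and a detached signature. The following is an added example, not part of the original post, showing that flow with the `openssl` command line instead of PGP; RSA-2048 with SHA-256, the file names and the sample message are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: constructed message and file names, openssl CLI assumed installed.
set -eu

WORK=$(mktemp -d)   # scratch directory standing in for both parties' machines

# Site operator, once: create a key pair. site_pub.pem is the "long code"
# published on the website; site_key.pem never leaves the operator's machine.
make_site_key() {
    openssl genrsa -out "$WORK/site_key.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/site_key.pem" -pubout -out "$WORK/site_pub.pem" 2>/dev/null
}

# Site operator, per message: sign the exact bytes of the message file.
# The base64 text in <message>.sig is the second "long code", sent with the e-mail.
sign_message() {    # $1 = message file
    openssl dgst -sha256 -sign "$WORK/site_key.pem" "$1" | openssl base64 > "$1.sig"
}

# Recipient: obtain site_pub.pem from the website itself (over HTTPS), never
# from the e-mail, then check the signature against the message.
# Exit status 0 only if the message is unmodified and was signed with the
# private key matching the key published on the site.
verify_message() {  # $1 = message file, $2 = base64 signature file
    openssl base64 -d -in "$2" -out "$WORK/sig.bin" || return 1
    openssl dgst -sha256 -verify "$WORK/site_pub.pem" \
        -signature "$WORK/sig.bin" "$1" >/dev/null 2>&1
}

# Demonstration with a constructed message.
make_site_key
printf 'Constructed sample: this note is from the operator of the site.\n' > "$WORK/mail.txt"
sign_message "$WORK/mail.txt"
if verify_message "$WORK/mail.txt" "$WORK/mail.txt.sig"; then
    echo "OK: signature matches the key published on the site"
fi
```

The signature covers the exact bytes of the message, so a mail client that rewraps lines or changes line endings will cause verification to fail even though nobody tampered with the text.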