The InfoStride Forum

TECHNOLOGY => Computing and Internet => Topic started by: ReadWrite on May 19, 2013, 03:31 PM

Title: How To Make The World Safer For Email
Post by: ReadWrite on May 19, 2013, 03:31 PM
(http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_132912815.jpg) Guest author Jeremy LaTrasse is the CEO and co-founder of Message Bus (https://www.messagebus.com/), and was a co-founder of Twitter.

30 years ago a Digital Equipment Corporation (http://en.wikipedia.org/wiki/Digital_Equipment_Corporation) rep sent the first piece of spam. In 2013, the problem of spam has become an epidemic with severe if often unseen consequences. We now live in a world filled with digital messaging abuse; according to security giant Symantec, 65.9% of all email is spam (http://www.symantec.com/content/en/us/enterprise/other_resources/b-intelligence_report_02-2013.en-us.pdf)!

These days, the vast majority of that spam is caught and filtered before it reaches end-users' inboxes. But it's still out there, gumming up the works of the Internet and wasting huge amounts of network bandwidth as well as compute power and storage. And still enough gets through to make the practice worthwhile for the spammmers.

The threats faced by everyone who gets email vary wildly from penny stock ads and offshore pharma spam to phishing emails and virus-laden attachments. Socially engineered email content leveraging relevant and timely news are hardest to spot. A classic example is tax-time emails that claim to come from the IRS (despite the IRS stating it will never contact anyone by email (http://www.irs.gov/uac/Newsroom/Beware-of-Bogus-IRS-Emails)).

Malicious content and links are hidden behind innocent URL shortners (such as Bit.ly, Ow.ly etc.) and hyperlinked text make detection of bad links particularly challenging. And compromised social media accounts may be the most effective ways to spread abuse and malware because we trust our friends and family.

A Question Of Trust Yet trust is required for effective communication, especially when identity is involved. How can you, as an email recipient, trust that you are who you claim you are and that the message you are sending me is not malicious?

The answer comes in the form of email authentication technologies that help establish identity. These technologies present evidence establishing where the message came from and who sent it.

The email industry's leading organizations and thinkers have been working on ways of stopping fraudulent email for years. The most recent innovation, DMARC (http://www.dmarc.org/) (Domain-based Message Authentication, Reporting & Conformance) is helping email services like Yahoo, Gmail and Hotmail quickly determine the legitimacy of incoming messages. For DMARC to be successful, though, both senders and receivers need to come to the table; recently Twitter announced that it would sign all of its outbound email with DMARC (https://blog.twitter.com/2013/introducing-dmarc-twittercom-emails).

DMARC's rapid adoption by the receiver side of the email world (ISPs and mailbox providers) has resulted in nearly 60% of the world's inboxes secured using DMARC technology (http://www.marketwire.com/press-release/in-first-year-dmarc-protects-60-percent-of-global-consumer-mailboxes-1753646.htm) in the first year alone. Much of the technologies actively establishing trust and identity are invisible to the end recipient, but Hotmail users might have seen a little green Shield icon in their inboxes - this seal informs recipients that Hotmail has taken an extra step to ascertain the identity of the sender.

Despite the email industry's best efforts, however, fighting spam still requires the cooperation of the people and organizations who send and receive emails.

(Mass) Email Senders Have A Responsibility Senders of legitimate email must take steps to ensure message security and protect their customers and their brand:

5 Ways To Protect Yourself And regular email users also have to take steps to protect themselves:
Image courtesy of Shutterstock (http://www.shutterstock.com).

ReadWrite