Digital Signatures Key to Solving Email Woes

Looking for a great rate on a mortg(ag)e? Neither am I. But, judging from the number of such emails that find their way into my spambox — (Thank You, Spamassassin!) — a lot of people must be. These are no doubt the same people that believe ”eBay” et al when they get an email from the ”security department” there requiring users to confirm their account details by connecting to a seemingly harmless Web address and entering their account details.

It’s unlikely that anyone using the Internet these days hasn’t seen dozens and dozens of these messages. But, I’d posit that the people sending them wouldn’t continue, and in fact thrive, if it weren’t for the fact that there are people out there who fall for them… over and over. Old P.T. Barnum must be spinning in his grave. If only he’d had the Internet…

Also, it seems inevitable that whenever you put a bunch of security techies together, the discussion will turn to how to solve spam and/or phishing problems. Some will say it’s best to blacklist spam/phish sites to, in effect, isolate them from the rest of the Internet. Some will say it’s best to use a whitelist approach and only accept incoming email from ”known” and trustworthy addresses. Still others will say email is dead as an information medium and we need to start anew with a designed-from-scratch protocol for exchanging information.

I’ve heard all of these arguments, and I’ve seen people, companies, and even ISPs that have implemented them. In response to all of these well-intended schemes, I’m going to butcher a metaphor and say that all we have to do is click our heels together three times and repeat, ”There’s no place like home”. Why do I say that? It’s because many of the tools we need to address a large part of these problems already are on our PCs and servers.

You see, there’s a common denominator among many, but not all, of these email-based issues, and it is authentication. Many of our email problems these days exploit this fundamental weakness of SMTP. Phishing scams and mortgage ”deals” all dupe users into trusting them to be authentic.

After all, they sure look authentic. Perhaps the best means of verifying digital authenticity is the use of digital signatures. Almost every email client in existence today has the ability to verify a digital signature in either S/MIME and/or PGP. S/MIME is arguably the more ubiquitous of the two, as most enterprise-level email clients come with S/MIME built in, including a repository of root certificates to form the basis of trust in verifying a digital signature on an incoming message.

The capability is out there. It may not be a perfect solution, but it’s out there on the vast majority of PCs. And, just as many users have learned about the little padlock icon in the corner of their browser windows to indicate that SSL encryption is turned on, they can learn how to know when an email has been digitally signed with S/MIME.

So, why do so few sites make use of it? I’m sure there are many reasons. People think it would be too difficult for their users to understand it. They’d have to buy a digital certificate from one of the certificate providers in order to send emails out to their customers. Maybe they aren’t even aware of it.

Take note that you’d only need to buy a certificate (or run your own certificate service) if you’re sending messages that need to be signed. The recipients can verify the authenticity of your messages without having to buy anything more than what they already have.

Now, I should add a caveat here that digital signatures won’t stop spam delivery. That’s not what I’m trying to say at all. They will, however, provide a good basis for email recipients to trust — or not trust — the authenticity of incoming emails. That’s a start.

The time has come for us to start using digital signatures in our emails. Waiting for the perfect solution to come along isn’t going to help us today. The tools are there. Let’s use them.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle, December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author, November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author, November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard, November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author, November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle, October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle, October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle, October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey, October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author, October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author, September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle, September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey, September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle, September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire, September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle, September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire, September 09, 2020