Authenticated Email Senders
By
Staten Island, NY Posted: 10/7/2015 1:00:00 AM
The first step towards preventing fraud.
If you open your inbox, and see an email from a stranger with the heading "Check this out", would you trust it?
What if you saw the same email email from somebody you knew. Would you trust it? The problem is, many people would say yes, and that's exactly why scammers spend a lot of time trying to figure out the relationships between email addresses. Once they find a connection, they've got all they need to exploit it, and they don't need to hack your account to do it.
As it stands today, whenever you send an email, there isn't any system in place to authenticate who the sender is.
This means that anyone can send an email to any email address in the world, and configure their software to say that it came from you, and they don't need to hack your password to do it.
So, all they need to do is gather email addresses of people who may know each other and make one address the sender, and the other the recipient. It doesn't matter which is which. You can even send a second email with the addresses reversed. All that matters is that you think there's a relationship between the two addresses, such that they would recognize and trust the sender.
The solution is pretty simple, authenticated senders.
If every major email service sent along an authentication flag with every email stating that the message came from the person who sent the email, the recipient would know which mails were genuine, so they can be certain they were safe to open.
Last year, AOL had a widespread problem when spammers sent millions of emails that looked like they were from AOL members, making many people think their email passwords were hacked. As it turns out, the senders didn't actually hack any email passwords. They just managed to get access to an old database of email contact lists. This was enough information to send spam to and from various names who were on the same contact list.
A good hacker doesn't even need to gain access to contact lists to build their own list of related senders. There are plenty of simple ways do it but there's no point going over that here.
The point is, email fraud won't go away, but email providers can make it easier to tell when an email was sent from an authenticated sender.
The first step towards stopping fraud is identifying which emails came from real people.
Joe Crescenzi, Founder
Related Media:
(Reply N/A) (Edit Topic N/A)
(Like Topic N/A) [0 ] 6385 Views
Related Posts
Email(34)Gmail(27)Security(42)
Top 25 Posts
* Note: The ideas on "Idea of the Day" were posted without any formal research into existing inventions.
In some cases, patents may already exist for these ideas, in other cases, there may not be any existing patents and you are free to develop and explore the viability of developing and patenting the ideas.
The authors make no claim that any of the ideas are safe, practical, or suitable for any particular purpose. You are responsible for the results of trying, developing, patenting or using any of the ideas on this site.
For some people, our ideas are just an interesting read, but our goal is to encourage you to take action. If you see an idea that you like, do something with it... Take action.
- Joe