Simple defense to reduce email risks

Why don’t major webmail providers support this?

We have all been subject to spam, and most of us to malicious emails too. Particularly annoying are emails that present a threat simply by being read, even if no links are clicked. There is a way to substantially reduce the risk that people will open dangerous emails, yet for some reason none of the major webmail providers support a mechanism to enable it.

Why? I have no idea.

The simple solution is to allow the email settings to be modified to show the actual email address of senders.

An email address is typically of the form:
“Fred Smith” <fred.smith@emaildomain.com>

And in a webmail application, the user is typically presented with “Fred Smith” as the sender.

But what if an email is received from:
“Fred Smith” <nasty.phisher@dangerousdomain.com> ?

Well in all the major webmail applications, the user is still presented with “Fred Smith” as the sender.

If you have a friend or colleague called Fred Smith, you are tempted to open this email. But if you had the option to configure your webmail to display nasty.phisher@dangerousdomain.com, would you be tempted? I suspect not.

So why do the webmail providers not offer this option?

Now clearly this is not a watertight solution because you can fake the from address quite easily. And some malicious from addresses do not look malicious anyway – for example, an email from Andrew.White@gmail.com would not raise alarm bells. But it might save some people a whole heap of trouble.
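The display option described above, plus a check that goes one step further and compares the sender against known contacts, as an added example (not code from any webmail provider). The address book and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed address book: normalised display name -> addresses known for that contact.
ADDRESS_BOOK = {"fred smith": {"fred.smith@emaildomain.com"}}


def sender_label(from_header, show_address=True):
    """Return the sender text a mail client would display for a From header."""
    name, addr = parseaddr(from_header)
    if name and not show_address:
        return name  # name-only display, as the webmail clients above do
    return f"{name} <{addr}>" if name else addr


def check_sender(from_header, address_book=ADDRESS_BOOK):
    """Compare the display name and address in a From header with known contacts.

    A "known-contact" result only means the header matches the address book.
    The From address can itself be forged, so this is not proof of origin.
    """
    name, addr = parseaddr(from_header)
    known = address_book.get(" ".join(name.lower().split()))
    if known is None:
        return "unknown-sender"
    if addr.lower() in known:
        return "known-contact"
    return "name-matches-contact-but-address-differs"


if __name__ == "__main__":
    # Constructed sample headers, using the addresses from the text.
    samples = [
        '"Fred Smith" <fred.smith@emaildomain.com>',
        '"Fred Smith" <nasty.phisher@dangerousdomain.com>',
        "Andrew.White@gmail.com",
    ]
    for header in samples:
        print(sender_label(header, show_address=False), "|",
              sender_label(header), "|", check_sender(header))
```

The first two samples look identical with the name-only display and differ only once the address is shown.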

It is not a major technical challenge for webmail providers. So why don’t they do it?


Copyright © Vox Sapiens
Intelligent Commentary on Society and Business
