Security, Spam and the Future of Email
Imagine a company with more than twice the number of users of Facebook and growth rates to match. Its technology is the primary means of communication for 95% of all businesses. What do you think would be a fair valuation? If the sheer size of its success were to attract criminals of all shades. Would you declare it dead or fix the issues that allow criminals to take advantage? I’m talking about email, of course.
Email is like a rock band from the ’80s: Scandal after scandal in the media but growing steadily. Predicting the end of email is a hobby, especially for new communication and collaboration solutions. But there is no indication any of these wannabe replacements will grow by 1.22 billion accounts until 2022 to match the expected growth of email. And it is not only business. Forrester found two-thirds of all people aged 12–17 use email — more than Snapchat or Facebook. Eurostat recently found individual email usage a hit across the board, growing in all age groups.
The first email was sent in 1971. It pre-dates the internet and was one of its original use cases. For me, it takes little to remember my fascination as a small boy when using an acoustic coupler and teletype terminal in my parents’ house in Germany to exchange messages with my father, who was in Australia at the time. For many, however, email has meanwhile turned from miracle to menace: An ever-growing avalanche of 912.909 legitimate messages sent and received each second, demanding time and attention.
Email’s enormous success has many reasons. It doesn’t come with any of the strings attached for single platforms dominated by just one company. It is censorship resistant and federated, meaning it can be run anywhere for any number of users. You could even run your own mail server just for yourself. Email is also robust for structured information, allowing the exchange of documents as well as pictures and videos. And it is extremely flexible, with dozens of email applications catering to different user habits and preferences. Finally, it is easily integrated into automated workflows, allowing for systems to exchange information in automated ways that have proven extremely robust.
None of the technologies some people believe will replace email has this five-finger death punch of benefits. Which is why they will not replace email. It is so dominant not because it is such a poor choice; it is so dominant because it is such a good one. Next to the mobile phone number, email is the only universal identifier that all its would-be replacements can agree on. It is ironic that so many solutions that are supposed to replace email are relying on it for password recovery. That is not to say email is perfect; as with anything this useful to so many people, criminals seek to take advantage of its weaknesses.
Email recently was called the biggest threat to business by Inc. magazine. And there is some truth to that. Email is the №1 vector for cyber attacks and malware. It is central in virtually all cases of identity theft and Business Email Compromise (BEC) has taken the lead in the FBI cybercrime statistic. The FBI website calls it the $12 billion USD scam.
Much has been done to secure email better in recent years, especially when it comes to security for the transport of email from one server to another. But better transport security for all email, spam or phishing messages included, is not really addressing the core issue. Security is not the same as authenticity. Nor does it give users more control over their inbox.
So email is far too valuable to abandon. And there is no actual alternative offering even close to the same advantages. But if transport security alone is not enough, what would it take to address the problems?
The answer becomes obvious once we understand email to be the world’s largest, unverified, distributed identity database. The moment we can verify the sender of a message and their role in the interaction with us, most of the scams and identity attacks will disappear quickly. Fortunately, work on self-sovereign identity and blockchain allows to do this in a way that is compatible with the original benefits of email. Thanks to advances in cryptography, especially in the area of so-called Zero Knowledge Proof, we can add layers of verification and better privacy at the same time.
The token economy might also hold the key to better control over our inbox. Once we can attribute value to the ability to write to our inbox, the financial model of spam no longer works. Email can become a selective channel again, filled with communication of value from the parties we want to communicate with.
The challenge for any such solution would be a seamless integration into existing email platforms and providers, alongside a user experience that improves email and does not get in the way. But the first team to deliver such a solution would be solving the biggest problem on the internet today, adding tremendous value to each of the 281 billion emails sent each day.
(This story first appeared on SecurityBoulevard.com)