Email Security Advances

For ten years or more email has been one of the most common routes for virus infection. Even after years of warnings, some people continue to open attachments from senders they don’t know.

If the infection stopped at his or her computer, the damage would be limited. Unfortunately, once activated, many viruses can spread over the Internet without further action, infecting other computers.

Several new techniques have been implemented or are in development that – although they don’t represent a cure – can help reduce the size of the problem.

SPAM buttons

One of the ways ISP/ESPs (Internet Service Providers/Email Service Providers) learn to block certain messages is by being told by their users that the message is spam. You’ve probably seen by now one of the newer ways they use to enable that communication: the ‘This Is SPAM’ button on your email client.

There are pros and cons to the use of that method. While it makes for an easy way for users to notify the ISP/ESP to block future messages of that type or from that sender, it has drawbacks.

Too many people use it as a method of attempting to ‘unsubscribe’ from an email list they in fact subscribed to voluntarily. That doesn’t unsubscribe them, nor remove them from the email list. But it does unfairly paint the sender as a spammer. It just clouds the method with a lot of false positives.

Authentication

Distinguishing wanted emails from spam is easy for 80% of the messages received. People will overwhelmingly agree about those messages and place them into the correct category. Deciding whether the remaining 20% are wanted, or whether they represent spam is trickier.

Just because a message isn’t desired doesn’t make it spam. You may not enjoy those unprompted political rants from your cousin. But labeling them spam can be a matter of opinion.

One method that attempts to overcome the difficulty involves using something called ‘authentication’. If you’ve used Microsoft’s Hotmail, you’ve seen one version: Sender ID. There are others, including pay-for-review services that authenticate emails for large email marketers.

Whatever the particulars, the methods boil down to getting someone to tag a message as being from a trusted source. If you trust the source not to spam you, you’re much more likely to open the email. Those methods are still not universally used, nor are the rules for authentication fully agreed on. But they can help.

Several other methods, some simple some highly sophisticated, are in development or early stages of implementation.

Email postage is one. Legislation in the U.S. requiring double opt-in is another. You sign up, then you respond to a confirmation email before being placed on the email list. More buttons that distinguish between SPAM, UNSUBSCRIBE, UNKNOWN, etc are one more.

Their use is almost certain to continue and expand. Some researchers put the percentage of spam emails as high as 70%, and few rate it less than 50% of the total number sent. Everyone agrees, something must be done.

61 queries. 0.484 seconds