back to article Email security crisis... What email security crisis?

In late August, Microsoft announced a free service that arguably reveals more about the future of the email business and its struggles with security than several years' worth of earnest press releases. Called AccountGuard, it's Microsoft's answer to the phenomenon of Russian phishing meddling with the US elections and the …

  1. Sixtysix
    WTF?

    Email is absolutely broken...

    Having just been stunned by a trivial cross domain spoofing gotcha pointed out during a penetration test, we secured *our* domain vulnerability with SPF, but once we understood the mechanism could scarcely believe how trivial email spoofing is if you control DNS/RDNS.

    Currently email servers take the message being received as "the truth". I suspect it would be better if rather than the message being delivered, a notification was delivered, and servers then had to decide if they were going to retrieved the message from the email server of record for the domain... but that's a whole new ball game. I suspect the folks that conceived email and the standards around it would be/are shaking their heads at the way things have gone.

    No point holding my breath for a "fix" tho

    1. Waseem Alkurdi

      Re: Email is absolutely broken...

      Historical reasons. It simply wasn't foreseen back then, because it was unheard of. That's also why the whole Internet is too broken (domain rerouting anybody?)

      1. Doctor Syntax Silver badge

        Re: Email is absolutely broken...

        "It simply wasn't foreseen back then, because it was unheard of."

        You could say the same about telnet and rcp which is why we now use ssh instead. Some insecure protocols have been replaced. It's time to move email along in the same way.

    2. jake Silver badge

      Re: Email is absolutely broken...

      "I suspect the folks that conceived email and the standards around it would be/are shaking their heads at the way things have gone."

      Our gaster is well and truely flabbered! There is no security in email, never has been, and there never will be (there are secure-ish options that look kinda like email, but email they ain't). Hell, email isn't even guaranteed to be delivered! It's best effort, at best. Don't get me wrong, it's a great tool for what it IS good at ... but security and guaranteed delivery? Faggedaboudit.

    3. taxman

      Re: Email is absolutely broken...

      To secure YOUR sending emails you'll need the SPF/DKIM/DMARC trio applied - but that doesn't stop fraudulent email from coming in to you. In addition to setting up your own email receipt rules (like how can an email purporting to be from your own business be coming in from outside your domain) you need every other email sender to apply the trio - and/or use (read pay for) a propriety protection or alert system. Which is a growing industry.

      The IETF have had plenty of time - and examples - to examine how broken email RFCs are and, along with the apwg and MAAWG, could have started to address some of issues (like checks on the header from address in addition to the envelope from address, IP/domain chains....). But perhaps they have realised that as use of email has progressed beyond that envisaged that it may be easier to try to educate to end user. Unfortunately that cannot be applied in many cases.

    4. Lee D Silver badge

      Re: Email is absolutely broken...

      Email protocols are real garbage and drastically need a complete overhaul for the modern world. There is no reason why we can't, but nobody has yet posited a standard that would work.

      We need a decentralised, encrypted end-to-end, certificate-verified system where even if GMail are receiving your email for you from the wider net, they AREN'T able to read your messages. Then we need an "opt-in" requirement where you can select who you want to receive emails from (which will come about accepting THEIR certificate).

      Then we can start thinking about the more complex solutions of email forwarding etc. or just change the system entirely. You can then remove all the SPF, rDNS, greylisting, etc. stuff.

      However you *won't* escape a dependence on DNS though if you have half a brain you'll insist on the relevant records being provided over DNSSEC.

      Until we literally throw SMTP, IMAP and POP out permanently, we can't progress on email security.

      1. Anonymous Coward
        Anonymous Coward

        Re: Email is absolutely broken...

        Just how are you going to know that the person purporting to be Alice is really Alice? That's why key signing parties were a thing back in the '90's. Without a sort of central registery for certificates, you aren't solving the problem of absolutely knowing that it's not really Eve.

        1. doublelayer Silver badge

          Re: Email is absolutely broken...

          So I should have a whitelist of people who can send me mail, having to negotiate their certificates approved by [not mentioned] so I can trust it? How do I deal with the "We would like to schedule your job interview for the important job you applied for." email that I'd like to read, but it's coming from an employee of that company whose identity I didn't know and therefore whose certificate I don't have, let alone approved.

          That also makes the process of using email for casual communication, at which it works well, much more irritating:

          Before:

          "We should really discuss this later. Would you be interested in meeting next week?"

          "Sorry, I'm busy then, but I'd love that. How about we email to find a time?"

          "Perfect. My address is person@website.domain. I can write that down if you'd like."

          After:

          "We should really discuss this later. Would you be interested in meeting next week?"

          "Sorry, I'm busy then, but I'd love that. How about we email to find a time?"

          "Perfect. My address is person@website.domain. I'll need yours, as well, to approve it."

          "Mine is another.person@adifferent.domain. Just let me get my phone out so I can send you my public key."

          "Sorry. My phone died earlier. I suppose I can try to find someone with a USBC cable I can borrow so I can record that and send you mine."

          "Otherwise, I suppose I could write down the hex value of my key and you could approve it. I hope that I'll remember to contact you, because without your key, I can't approve seeing your mails."

          "That will work great! It's wonderful how we solved that insecure email problem, isn't it?"

        2. Wensleydale Cheese

          Re: Email is absolutely broken...

          "Just how are you going to know that the person purporting to be Alice is really Alice? That's why key signing parties were a thing back in the '90's. Without a sort of central registery for certificates, you aren't solving the problem of absolutely knowing that it's not really Eve."

          Your mention of Alice and Eve had me trying to remember the other characters used as examples in security scenarios. I managed Bob and Mallory but didn't realise the list was so long:

          Alice and Bob - the full cast of characters

          For commentards who don't know who these folks are, that page starts with:

          Alice and Bob are fictional characters commonly used as placeholder names in cryptology, as well as science and engineering literature. The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A method for obtaining digital signatures and public-key cryptosystems."[1] Subsequently, they have become common archetypes in many scientific and engineering fields, such as quantum cryptography, game theory and physics.[2] As the use of Alice and Bob became more popular, additional characters were added, each with a particular meaning.

  2. jake Silver badge

    Secure email?

    There is no such animal. Never will be, either. Far to many vectors to lock down. Anybody who thinks otherwise is deluding themselves. Never put into email anything that you wouldn't shout from the rooftops. There are plenty of methods to communicate securely, but email isn't one of them.

    1. vtcodger Silver badge

      Re: Secure email?

      There are plenty of methods to communicate securely, but email isn't one of them.""

      I'm not sure there are "plenty" or sometimes even one way to communicate securely to an arbitrary third party. At least not electronically. But I think it very likely that attempts to make email "secure" would likely make it very difficult or maybe impossible to use email for purposes where security is not an issue.

      Security is very difficult to do even passably well. And it's very costly and inconvenient.to secure stuff. I don't see any sign that the helpful folks who sincerely want to help me out on the security front understand the potentially negative impacts of their efforts.

      1. Version 1.0 Silver badge
        Happy

        Re: Secure email?

        "Don't write anything you can phone. Don't phone anything you can talk. Don't talk anything you can whisper. Don't whisper anything you can smile. Don't smile anything you can nod. Don't nod anything you can wink." - Earl K Long

  3. John Crisp

    Unsecure

    It still doesn't cure the flaw that email transport is still allowed in unencrypted format.

    Sure you can send securely to your upstream server, but no guarantees after that.

    On top of that there is no easy way to genuinely ID the sender. PGP is too tricky for many.

    Had a good friend recently scammed by someone intercepting mail and she generously sent them $105k. Banks don't care because they are not at fault, and police don't have the resources to chase it.

    Apparently, from a good friend at the pointy end of banking security, this is an increasing problem, house purchasing being a particular favourite with solicitors being intercepted.

    Yes I'm sure the spooks don't want everyone using encrypted mail, hence the efforts on login security rather than transport security and ID authentication.

    Something needs to change, badly.

    1. Waseem Alkurdi

      Re: Unsecure

      Yes I'm sure the spooks don't want everyone using encrypted mail

      Something needs to change, badly.

      Public awareness. It's all about people knowing the risk. Unfortunately, the media is far too busy.

      Try this: Take your next layman and tell them that email could be intercepted and its contents changed. The response is either "Huh?", "Really?", or the stare that theoretical physicists know really well.

    2. Doctor Syntax Silver badge

      Re: Unsecure

      "PGP is too tricky for many."

      Is it?

      Email itself would be too tricky if you had to connect to the server with telnet and type in all the responses by hand. All that is wrapped up in the client's standard behaviour. HTTPS would be too tricky if the user had to vet the certificates themselves but the client does that.

      PGP is too tricky because it's not built into the standard as a basic element, in particular it needs a PKI which isn't provided for in the current email architecture. If we moved to a new standard which included the handling of private keys as part of the provision of a server the whole thing would just disappear into the background for most users.

      1. John Crisp

        Re: Unsecure

        >>"PGP is too tricky for many."

        >Is it?

        'As it stands', I think it probably is, though that doesn't mean it has to stay that way. The question is why?

        Why aren't the providers making it simple, and default? Why aren't they devoting some their energies to it?

        As I alluded, I wonder if there are some external pressures to keep it the way it is....

        1. doublelayer Silver badge

          Re: Unsecure

          One of the major security problems I have with email is how it is required by most things. Consider my recent attempt to switch from using a mail account provided by a company to having my own mailserver that would be more secure and more under my control. I've seen it recommended by a lot of people, so it should be doable, right?

          I already own a domain name, but if I wanted to get one, the registrar requires an email address for the account. It can't be my new one because I haven't bought a domain name yet.

          The place from which I'm buying my server space needs an email account. While I have a domain now, and thus could probably set up an address through it from the registrar's tools, they don't give me free mail facilities, and I don't want that anyway because I want to set up my own. So, since I don't have a running mail server yet, I can't use my new address.

          Fine, so I can't use server space that I buy from a remote provider. Maybe I can get a static IP and run a mailserver on physical hardware in my house. The ISP requires an email address.

          It seems that there isn't a good way to have an address that doesn't rely on an external address itself. I did end up setting up that mailserver, which now handles most of my mail. However, I still have to have that third party address, to deal with the messages and identification for my domain registrar and my server provider. I considered switching those accounts over to my new domain--I would have needed that third-party address at one point, but it could now be dispensed with--but then I realized that, should either the registrar or server provider become concerned and suspended the account or asked for additional verification, I'd be immediately locked out because I'd rely on the server they'd just cut off or shut down to authenticate myself. And people wonder why nontechnical users just set up free accounts with gmail. It's a losing game, it seems.

          1. Anonymous Coward
            Anonymous Coward

            Re: Unsecure

            Um, you get an email at gmail, hotmail or whoever to use with setting up a domain, server space, etc. You are making it a lot more complicated than it is. I have my own mail server, have since the 90s. If I wanted to set it up again on a new domain it would take me an afternoon.

            The problem isn't that this is difficult, but that it isn't an option for the ordinary person because there's a learning curve involved (as a former sysadmin I already had the knowledge) And there are some compromises (i.e. I am limited in my ISP choice since I need a static IP where I control the reverse map, though if I went with a hosted option or set up a VPN tunnel to be my MX I could get around that)

            1. doublelayer Silver badge

              Re: Unsecure

              That is exactly my point. It was easy enough for me. However, it involved using a gmail address. In the days when people are unwilling to trust gmail, what can I offer them as an alternative. Very little. It isn't possible to set something up that would be independent of it. In the end, you end up with a chain of things that are all tied to an email address, and the only place you can get one of those that isn't connected to another chain is a company that is external to you and that you may not trust. You major options are google, microsoft, and apple, with a few Russian and Chinese participants available too. I'm sure you can find some more that will let you pay them for access, but there is not a guarantee that they will be any more trustworthy. A new system may not fix this.

        2. Anonymous Coward
          Anonymous Coward

          Re: Unsecure

          There are various reasons a provider may not be totally in favour of encouraging end-to-end encryption. This service being a perfect example. Spam filtering and phishing detection, which I suspect is more important to most users than encryption, is rendered almost impossible anywhere but the end-points by such encryption. And, whilst the client may be able to have a reasonable stab at performing some of this filtering, potentially assisted by certificates on encrypted mail (though even this is questionable for unknown senders), in reality it will likely always be inferior to the service a large provider could give with dedicated teams of analysts and the ability to detect trends across millions of different users. Fundamentally, if PGP became universally and seamlessly available, it would not take long before phishing and spam started abusing it to evade current filtering. Not saying people shouldn’t use such encryption for sensitive mail, but for most users, especially those prone to mindlessly clicking links / opening attachments from unknown sources, I simply cannot see the pros outweighing the cons.

          1. Charles 9

            Re: Unsecure

            So basically, we're screwed. Any form of remote communication can never be sufficiently secured against a sufficiently-determined adversary (like a government-backed evil twin). Plus the malcontents are taking advantage of the very things that make our forms of communication useful (like anonymity), so there will never be a solution that doesn't carry significant collateral damage. Stateful Internet means Big Brother. Whitelists mean you can't receive truly useful stuff from newcomers, and registries can be subverted or hacked.

  4. Waseem Alkurdi

    "The email god that failed", not "The email God that failed". Big difference.

    The uppercase 'G' is used when talking about the God of Abrahamic religions (a god called God), and the lowercase 'g' is used for talking about any other deity, existence of that deity being irrelevant, including that "deity of email".

    1. jake Silver badge

      Who the fuck cares about such semantics in this day and age?

      There is no God. Or god. Or whatever. Wake up and join the 21st Century, already.

      1. Waseem Alkurdi

        Re: Who the fuck cares about such semantics in this day and age?

        There is no God. Or god. Or whatever. Wake up and join the 21st Century, already.

        What I pointed out is a mistake in the article. Why did you interpret it as a call for you to wax lyrical with your ideological views / your religion? (Disbelief in a god is also a belief, because if you can't prove a god, you can't absolutely prove the non-existence of one either, so disbelief in a god is also faith).

        Read and think before rushing to the Comment button! :-)

        1. Thomas 6

          Re: Who the fuck cares about such semantics in this day and age?

          "Disbelief in a god is also a belief, because if you can't prove a god, you can't absolutely prove the non-existence of one either, so disbelief in a god is also faith"

          Yeah, not true for the vast majority of cases.

          "There is no God", in everyday speech, is shorthand for "Given all available evidence, the probability of the existence of god(s) is so low that it can reasonably be classed as impossible".

          See also, orbiting teapots.

          1. Waseem Alkurdi

            Re: Who the fuck cares about such semantics in this day and age?

            See also, orbiting teapots.

            Also known as Russell's teapot, cosmic teapot, Dawkins's Flying Spaghetti Monster, Garage dragon/elephant, ...

            There's a real flaw with this class of argument: it really doesn't change anything apart from providing an analogy "both are improbable" based on a non-believer's own view that "the evidence doesn't show it". You think that the evidence doesn't show that a {g,G}od exists and you built an analogy around that.

            See Wikipedia's page on the cosmic teapot for a primer on how other philosophers criticized this argument.

            1. MiguelC Silver badge

              Re: "Dawkins's Flying Spaghetti Monster"

              Dawkins'?!? How dare you, Sir, imply the sacred Flying Spaghetti Monster might be Dawkins' invention?

              Let me direct you to the origin of the Pastafarian recipe of salvation and correct your mismeasures.

              1. Waseem Alkurdi

                Re: "Dawkins's Flying Spaghetti Monster"

                My bad, it's not Dawkins (although he refers to it in his books). It's that chap Bobby Henderson, pretending to be funny or something, in a letter to the Kansas State Board of Education.

          2. Waseem Alkurdi

            Re: Who the fuck cares about such semantics in this day and age?

            reasonably

            So this is still faith. The answer is either "absolutely yes" or "absolutely no", or it's faith (in an interpretation of evidence) until the answer is one of the first two. Isn't that what believers arguing for God get told? Until you're 100% sure beyond doubt (i.e. observe God), you're still believing, and that belief is either justified or not depending on evidence?

            1. Thomas 6

              Re: Who the fuck cares about such semantics in this day and age?

              The point is that both propositions, without evidence, are absurd. It is not that I do not 'believe' that there is a God (or orbiting teapot etc), it is that I reject other's assertion that there is.

              I also do not understand some religious people's obsession with regarding a lack of belief as a belief itself. Is your belief in a God as strong and important to you as your belief that there are no orbiting teapots?

              1. Aladdin Sane

                Re: Who the fuck cares about such semantics in this day and age?

                After years of scientific progress, not once has the answer to any mystery been "magic".

                1. T. F. M. Reader

                  Re: Who the fuck cares about such semantics in this day and age?

                  @Aladdin Sane : After years of scientific progress, not once has the answer to any mystery been "magic".

                  But lots and lots of times the answers were indistinguishable from magic.

                2. Tony Paulazzo

                  Re: Who the fuck cares about such semantics in this day and age?

                  On topic, email security sucks, never trust it, tell everyone you know to assume it's not really from where it purports to be and any company that legitimately asks you to click a link in their email should be sacked for promoting bad online security (this means you Paypal).

                  Off topic : After years of scientific progress, not once has the answer to any mystery been "magic".

                  Read up on Quantum Mechanics then tell me gods don't play dice and happily break the fourth wall. Believing in the non existence of something without absolute proof is belief whether you like it or not. Smashing the downvote button doesn't validate your* non belief.

                  * Your as in general, not you personally.

                  What... is your favourite colour?

                  What... is the airspeed velocity of an unladen African swallow?

                  What... is the breath of life - physiological processes or simple magic?

              2. Waseem Alkurdi

                Re: Who the fuck cares about such semantics in this day and age?

                it is that I reject other's assertion that there is.

                Which is an assertion in itself. Catch the air of my argument?

                I also do not understand some religious people's obsession with regarding a lack of belief as a belief itself.

                It's not an obsession, it is a feature you've pried out of the middle of a typical discussion about belief, in this case being a rational answer to something to the gist of "You religious people! You claim to have the truth about there being a God, while in fact we aren't 100% sure (haven't observed Him), so this is nothing but belief!".

                Is your belief in a God as strong and important to you as your belief that there are no orbiting teapots?

                It's because you've started at the middle of such a discussion. This is a (very common, verging on cliche) analogy, and this is a response to that fallacious comparison involved. Believers don't give a shit about orbiting teapots ... it's non-believers that are really obsessed with showing that believers in God are like believers in teapots :-P

      2. Mike 125

        Re: Who the fuck cares about such semantics in this day and age?

        >>There is no God. Or god. Or whatever. Wake up and join the 21st Century, already.

        Yea there is- his other name's Wilko Johnson. I accept your point about the 21st Century..

        1. Aladdin Sane

          Re: Who the fuck cares about such semantics in this day and age?

          Close, it's Johnny Wilkinson.

          1. Kevin Johnston

            Re: Who the fuck cares about such semantics in this day and age?

            Surely it is Eric Clapton

        2. Herring`

          Re: Who the fuck cares about such semantics in this day and age?

          I was watching some old sci-fi the other night, and the scary priestess woman declared "I am the messenger of your god: Neil". So now I accept that god's name is Neil.

  5. Doctor Syntax Silver badge

    Claims to be able to detect phishing campaigns would carry a bit more weight if they were able to detect phishing emails sent via their own service claiming to come from them. They may have got a bit better at it but some of them still get through.

    1. Waseem Alkurdi

      Claims to be able to detect phishing campaigns would carry a bit more weight if they were able to detect phishing emails sent via their own service claiming to come from them.

      Are you sure you understand how the attack works?

      The email header is what's being changed. Like, I own a rogue server based in, dunno, Waseemstan. I'd forge the email header to say that the email comes from, say, Trump's personal website or something. The email providers have zero control over the message because it isn't even being sent through their network.

      Edit: Have just re-read your post ... Is your point that, for example, Office 365 should know it when the email header says that a message comes from an Office 365 email server, while in fact it doesn't?

      1. Doctor Syntax Silver badge

        "Is your point that, for example, Office 365 should know it when the email header says that a message comes from an Office 365 email server, while in fact it doesn't?"

        My point is that a user such as Maintenace Care<random-user@hotmail.com> (other MS domains are availabe) can send a message with a title such as YOUR HOTMAIL WILL EXPIRE SOME DAYS TIME to a Hotmail (other MS domains are available) user and it's not picked up by their spam filters even if, as is likely, such messages are sent in bulk. That particular one, a couple of weeks ago, carried a docx attachment; yes, I'm really going to open that, aren't I? Then there's the ever faithful "Account Team" who sent not one but two "De activation in progress" emails 5 minutes apart a week or so earlier than that.

        This sort of spam is old enough to buy its own drinks

        Sometimes, for weeks at a time, they seem able to trap such crap into the spam folder then they have a spate of letting them through.

        1. really_adf

          My point is that a user such as Maintenace Care<random-user@hotmail.com> (other MS domains are availabe) can send a message with a title such as YOUR HOTMAIL WILL EXPIRE SOME DAYS TIME to a Hotmail (other MS domains are available) user and it's not picked up by their spam filters ...

          In many cases, I suspect, this sort of thing is "genuine" email from a compromised account, and by definition it can only be identified as bulk after some number have been sent; you were probably (unfortunately) just near the top of the list...

          1. Doctor Syntax Silver badge

            "by definition it can only be identified as bulk after some number have been sent"

            Spam filtering works on more than number of similar emails*, hence my point about the length of time some of this spam has been about.

            Even if retrospective detection is applied then as long as the user at the top of the list hasn't collected email - and I only collect from the Hotmail account at wide intervals - then it's perfectly possible to move mail from Inbox to Spam.

            *In fact, legitimate bulk email isn't uncommon so number isn't an indicator of spam

  6. Anonymous Coward
    Anonymous Coward

    Until there's a sexy solution, nothing will change

    because that's how the money goes.

    In the meantime, very small changes - or even a single change - could probably halt 80% of attempts. Just don't allow email clients to invoke web browsers. (Yes, it's that simple).

    If you are going to sacrifice security for convenience (because if you don't do the previous, that's what you are admitting is the case) then FFS at least don't render links where the URL is different to the displayed text.

    Or, if you have to render them, then at least do it in red, with a confirmation dialog, so the user has a warning.

    Alternatively you could spaff me a few hundred thousand, and I'll deliver you a clunky, dodgy "AI" "solution", and see you all here in a years time.

    1. Doctor Syntax Silver badge

      Re: Until there's a sexy solution, nothing will change

      "Just don't allow email clients to invoke web browsers. (Yes, it's that simple)."

      Close. Don't use web browsers as email clients. Webmail needs to die.

      1. jake Silver badge

        Re: Until there's a sexy solution, nothing will change

        "Webmail needs to die."

        Totally agree. However, to get back to the point, even if webmail went away tomorrow, email still wouldn't be secure. Not by a long shot.

        1. Doctor Syntax Silver badge

          Re: Until there's a sexy solution, nothing will change

          "even if webmail went away tomorrow, email still wouldn't be secure."

          It would be a necessary first step in establishing client to client encryption. With webmail the web-server to browser link might be encrypted but the email decryption is going to be done by the mail provider. That means that the mail provider has to have the user's private key and that in turn raises some pretty obvious problems.

    2. Tabor

      Re: Until there's a sexy solution, nothing will change

      “FFS at least don't render links where the URL is different to the displayed text”

      Doing that would be applauded by almost all, but not all unfortunately.

      “As if millions of voices suddenly cried out in terror and were suddenly silenced.” The voices in this quote would belong to marketeers worldwide, no doubt.

  7. Zippy´s Sausage Factory
    Facepalm

    What amuses me is the Microsoft Developer Newsletter keeps ending up in spam. Why? "We couldn't determine that this email is actually from email.microsoft.com".

    Sigh...

    1. Serg

      Devops!

      That's because someone in devops set it up on their not-work domain. Obvs.

    2. Anonymous Coward
      Anonymous Coward

      What amuses me is the Microsoft Developer Newsletter keeps ending up in spam. Why? "We couldn't determine that this email is actually from email.microsoft.com".

      Sigh...

      --------------------------------------------------------------------------

      I've got another good one.

      Our cloud anti-spam filter reports are marked as spam... and have to be released in order to find out if there is any spam, as a report that there is no spam is also spam.

  8. Anonymous Coward
    Big Brother

    Microsoft announces threat intelligence service?

    How about an email service that transparently verifies that an email is really from the name appearing in the FROM: box and full -end-to-end encryption to be sure no third party is snooping on your emails.

    Introducing Address Verification and Full PGP Support

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsoft announces threat intelligence service?

      Tried ProtonMail, but not sold on it. For starters their T&C implies secondary account validation is optional, but they rigidly enforce phone-number / email registration during sign-up, which kills the privacy-idea stone dead imho. Can't reuse details to open further accounts either which isn't helpful! The registration form is also buggy and has a stupidly low limit on how many TXT resends it will do. Open to other suggestions for EU hosted free-email to get away from BigTech slurp if anyone has any... Thanks!

      1. doublelayer Silver badge

        Re: Microsoft announces threat intelligence service?

        Unless this has changed in the past two weeks, the phone number step is not required. Fill out the original form for a free account. They will demand proof of humanity, which I think is set to phone number. However, you can do a captcha, get a mail to another account, or donate to bypass this. Then you have an account. I speak from experience, having done this twice.

    2. Charles 9

      Re: Microsoft announces threat intelligence service?

      How will this fare against an increased prevalence in hijacked accounts? Where there's an evil will, there's a way.

  9. Dave Lawton
    Holmes

    How about killing off HTML emails

    Ban them, remove the facility to send them from email clients.

    Then they can only send Plain Text.

    Remove the facility to read them from email clients.

    Then they can only read Plain Text.

    1. Charles 9

      Re: How about killing off HTML emails

      Ever thought there was a reason formatted e-mail was demanded? Because some things cannot be reliably sent in plain text (the whole "picture is worth a thousand words" problem)? And since attachments can't be trusted, either, that's not an option, either? So what do you propose for someone who ONLY has e-mail as a possible medium?

      1. Dave Lawton

        Re: How about killing off HTML emails

        Demanded: yes, by PHBs in manglement, and marketing who lack clue one.

        Anything can be conveyed in Plain Text, you just have to have a good command of the English language.

        Have you never come across the concept of shared drives ?

        1. Charles 9

          Re: How about killing off HTML emails

          How do you convey the Mona Lisa in only words, then?

          As for shared drives, heard of them, don't trust them.

          1. jake Silver badge

            Re: How about killing off HTML emails

            "How do you convey the Mona Lisa in only words, then?"

            UUencoding. No need for MIME, even.

            Concur on shared drives. FTP makes much more sense.

            1. Charles 9

              Re: How about killing off HTML emails

              UUencoding = attachments which can be poisoned.

              And how do you FTP if you're behind a CGNAT, or worse, don't have access to a server or the port?

  10. Anonymous Coward
    Anonymous Coward

    Too much is getting grafted onto the existing protocol

    There's so many little pieces, with spotty support. We need a fresh start where everything is mandatory, with a new MXX record in secure/encrypted DNS (can't use it with standard DNS) that includes certificates etc. to fully handle the "prove your domain is who it claims".

    It would use a different protocol than SMTP - might be something very similar like XRECV or whatever so you don't need to rewrite from scratch, but it is important that it can't be used with old clients. Every email would be encrypted with the public key of the recipient, and signed with the private key of the sender (oh no, this will make mailing to 1000s of people inefficient, boo hoo cry me a river, mailing lists can keep using the old technology) The mail server would have a new daemon that basically acted as a directory service to get the public key of a sender/receiver for validation/decryption. The keys would be good for a short period of time like a week/month, and automatically re-fetched when needed or regenerated when yours expired.

    Two factor authentication would be mandatory. Everyone has a smartphone now, a simple app on a smartphone could generate the OTP to go along with your password (which wouldn't need to be impossible to remember now that you have that second factor protecting you, which would increase its acceptance)

    So how do you convert from the old to the new system? Well, your clients would have a way of marking recipients as "MXX capable" or not, and every time you sent an email that was going to be sent via the old way, you'd get a pop up telling you who is getting it the old way. The default would be to NOT send to them (to avoid people simply hitting return and ignoring) and hopefully people with the new clients could help evangelize the laggards into conforming.

    OK, I'm sure I've left a half dozen issues unaccounted for, but that's a pretty good start for five minutes thought I think!

    1. Charles 9

      Re: Too much is getting grafted onto the existing protocol

      "There's so many little pieces, with spotty support. We need a fresh start where everything is mandatory, with a new MXX record in secure/encrypted DNS (can't use it with standard DNS) that includes certificates etc. to fully handle the "prove your domain is who it claims"."

      What's to stop the domains themselves from being hijacked to provide a platform? Plus what if your DNS is spotty?

      "It would use a different protocol than SMTP - might be something very similar like XRECV or whatever so you don't need to rewrite from scratch, but it is important that it can't be used with old clients."

      It MUST work with old clients because many have no choice in clients. It's old clients or bust.

      "The mail server would have a new daemon that basically acted as a directory service to get the public key of a sender/receiver for validation/decryption. The keys would be good for a short period of time like a week/month, and automatically re-fetched when needed or regenerated when yours expired."

      And if Murphy strikes on the server, as it's sure to happen? Say goodbye to the e-mail which you already received.

      "Two factor authentication would be mandatory. Everyone has a smartphone now,"

      Not necessarily. Many people are stuck with dumb phones, or no phone at all by design, saying if they want to be reached at work, they'll bloody be at work. Plus phones get lost or stolen.

      "and hopefully people with the new clients could help evangelize the laggards into conforming."

      And if they DON'T because the laggards also happen to be over their heads?

  11. Anonymous Coward
    Anonymous Coward

    'The "free" thing was such a big deal'

    Beware Big-Tech coming with free gifts, where's the catch?

    Free today subscription tomorrow or is there another aspect.

    Won't profiling of emails be required or how will this work???

  12. Aodhhan

    Memo to all Personnel

    Attention,

    Due to the recent threats and a need to have a system we can store state secrets on, I've ordered our email server to be moved into a towel closet near a bathroom; where it's unlikely any malicious foreign service will find it. We've also instituted an offline backup system to place important files on the laptop computer of my assistant's husband.

    Thank you

    --Hillary and the DNC--

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like