The Internet and email is old at this point.

It can be reasonably argued that email links are a significant threat vector right now.

So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.

My questions for comment:

  • Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
  • Why can't we do PKI well after a few decades?
  • Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?

I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?

Image credit: https://www.office1.com/blog/topic/email

Edit, post not related to the site or any service, just image credit.

  • MSgtRedFox@infosec.pub
    hexagon
    ·
    11 months ago

    Yeah, my frustration with how we've centralized email on those enterprises is that criminals and spammers can just get accounts, pay marketing fees, malware ads, etc.

    Even PKI is frustrating in that it's both a racket where only a couple can do it for good reasons, they can almost charge whatever they want, and still there's places where you can get certs minted with almost no validation.

    I initially hated token login, but after you realize you never need passwords, to remember accounts, and it works for signing documents.

    I'm not says you shouldn't still have a private selection, but I wish we had a certified solution that could reduce deception. Or at least I would direct all non certified senders to spam.