It's the key exchange that's difficult. However, as the blog rightly points out, having companies sign their emails would be a massive step in the right direction. Every ordinary person uses an email service. If that email service handled the key exchange for those companies the it would be truly wonderful. It doesn't even need to be that difficult given that these companies almost certainly have certificates for their websites.
Then all the service provider has to do is put this nice message when delivering the email: "This email was not signed by the company that it claims to be sent from. Beware." Not in any way difficult for an ordinary person to understand.
With things like signal or whatsapp you get encryption and signing automatically and everybody uses it.
Why don’t people use signing with email then? Because it is not the default, not built in and not the standard everywhere. Blaming those people for it is wrong. Blame those who didn’t manage to implement the standards and stand in the way of making it the default
Signal does make a bigger deal about trying to get you to verify, but in practice for both systems casual users don't do it. Most of my Signal contacts aren't verified.
Without this step an attacker can MITM these protocols because the identity problem is hard and cannot be waved away.
I'd prefer to verify all of my contacts but, given my security model, this is good enough and a huge step up from email.
I don't need to verify the code because everything else about the communication matches.
> Turn on this setting to receive notifications when a contact's security code has changed. Your messages and calls are encrypted regardless of this setting.
Or more so, DON'T have. I don't know if I'd qualify for "ordinary person" here but regardless, of the emails I went through this morning I don't think I can think of ONE that I cared about actually being from the sender it said it was from. There are very few that matter that much.
I'm not sure how PGP would help though, as the user also has to check, if the email from his bank was signed with the correct key. Checking the exact domain name is something he can already do and I guess is also easier to understand.
https://en.wikipedia.org/wiki/Deniable_authentication etc. Perhaps you can do it with asynchronous protocols too, though it seems harder.
Well, some of the oldest corporate systems (Lotus Notes, MS Exchange) did (and I think still do) have the capability for transparent secure messaging. Still, sysadmins rarely ever bother to use it. I believe the cause is that nobody wants to operate a certificate authority if they can avoid it, and when they can't, they'd rather restrict it to the bare minimum (servers that are absolutely necessary).
If corporate sysadmins can't be bothered to look after keys, you can imagine how motivated the average user will be to do the same.
The truth is that X509 remains a clusterfuck: it's just too burdensome. LetsEncrypt is a first step in the direction of replacing it with something better and more automated. "LetsEncrypt for email" would be very welcome - although I bet the security services of the world would be really pissed off.
It's not just people are not learning. I don't see any ordinary email client is encouraging people to use signing or encryption. Which is very odd to me.
Just imagine what if all the email client start asking their user to sign their email, and mark unsigned email as "Untrustful".
I don't want this to come across the wrong way - but are you a Linux engineer/admin? I think when someone has deeply understood deeply technical things for a very long time, they lose touch with just how arcane their knowledge is and how much of a real expert they are - skyscrapers above the ordinary level of knowledge. This state leads them to think that what is obvious to them can't be hard for others to understand.
I really don't see what's so hard about the first paragraph, which is the only one intended to be understood by a layperson. Even though the concept of "signing" has a long-established and well-known non-digital meaning, which nearly everyone will understand, the paragraph still goes out of its way to define it. Seems pretty idiot proof to me.
There are many problems with email. The ability for email@example.com to claim to be firstname.lastname@example.org is not at the top of the list.
Heck, even on desktop clients it's a pain in the ass. Ever tried to create, install, and use an S/MIME certificate in a major desktop client, like Outlook or Apple Mail? It's ridiculous. An obscure mix of trying to use the right browser, export the certificate in the right format, sometimes even convert it on the command line, use the right mail client extension, etc.
So it's the tools that are the main problem.
Until S/MIME or similar is built into major webmail clients, and certificate creation and installation is simple on the desktop, it's never going to happen.
The people you see in tech support are not representative for the entire population.
This is like working in a hospital and coming to the conclusion that most people in the world have a serious illness.
I can imagine the average person replying 'yes there is there's the from box in the email'.
Belief is a thorny issue when trying to communicate to the masses, though.
This is like "we shouldn't use locks because some people often lose their keys".
That's what you don't seem to comprehend. Yes, for you this seems obvious. But really, to the average Joe/Jill, this idea that you could get an email from the address you expect but it has been spoofed is gibberish.
Let alone am I going to try getting her to use PGP and sign her emails.
This is hilarious. Do you have parents and/or grandparents?
Have you not had to repeatedly explain the simplest things over and over again? User names and passwords are hard enough, and you're expecting most people to understand email signing?
What experience do you base this expectation on?
Hardly. The first paragraph is easy to understand -- you tell them that "there's no proof it came from you" and that "its easy to fake emails" and that signing the emails digitally helps prevent that. Everyone can understand "there's no proof it comes from you" and "fake emails" follows on from that. Everyone knows what a physical signature is and how it helps identify that something was written by you and can imagine the concept of a digital one, even if they have no idea about the mechanics of one.
That goes a long way to describe at least why you would want to digitally sign emails, even if it doesn't tell you anything about how it works.
Would that be of interest to anyone other than myself?
Putting a stress on the "qualified developer" part would critical. We are so used to not understanding things (new frameworks every week, new code base to grok, stuff we wrote 3 weeks ago that is just spaghetti), that I think it won't be representative of how most people would enter a subject.
I saw this when looking at other people learning languages, where some of them had a "I don't understand anything" reaction and just stop there, because it's just not a normal situation to them ('growing up' was part of securing that comfort zone for a lot of people)
Also if someone who normally sends you a signed message sends you an unsigned one, a security warning is displayed and / or the message is automatically directed straight to the spam folder.
from: email@example.com [This message was signed by apple-support.example.org (Verified by Let's Encrypt)]
Please send us your Apple ID and password for routine security checks.
Sure, maybe you're trusting a scammer more and more, but at least when you get a new email from a scammer that's trusted by millions (let's say by more than one EV cert signed the key that signed the email), then it's pretty sure you're just being scammed by Apple to further their regular bottom line.
For example, ask someone the following question. You have cards with letters on one side and numbers on the other. Cards with vowels must have odd numbers on the reverse. If you have cards [A B C 1 2 3], which cards do you need to turn over to check that the rule is followed?
It's easier for people to understand when you rephrase the question as: we're serving sodas and beers to restaurant patrons of various ages. If I have [Beer Soda Water age40 age10 age30], which patrons/drinks do I need to check? People will have a much easier time answering [Beer age10] than [A 2].
I would try explaining it to people with a real world analogy: did the mail-bombs  to Soros, Obama, Clinton, and CNN come from Debbie Wasserman Schultz? People can write anything in the return address and mail a package from a public mailbox. Email acts the same way by default. Do you think non-IT people will have trouble understanding that analogy? (or that the analogy doesn't represent the situation correctly?)
You don't need people to understand why digital signatures work to explain to them what they do.
So, if signing were properly featured, then the failing emails would get burried in Spam folder, even more, the email client could block the 'Click here so I could screw you' links in such emails, and more choices how to integrate it in common user's flow.
However, the other question is rather if the email signing would still serve the purpose in case when the system/server gets compromized, keys stolen. Did any major company paid off fully what's due for losing away scores of users' private details?
The errosion of trust may be more detrimental to Joes and Jills outhere.
The absolutely terrible concept of a modal dialog is a different topic, but it is quite common nonetheless.
Reminds me of yesterday: https://news.ycombinator.com/item?id=19357573
That has not been my experience signing anything. I cant judge about the math behind the encryption, but the interface side of things has always seemed ... lacking.
Use PGP for this. No, now it is called GPG instead. We thought it was funny. Pass this optional command line argument if you want extra security. Why would we want that as a default?. Enter a passphrase - it is recommended! Except no one uses them. Or they do. Have you installed gpg-agent? Ok so you have a public key now. Before you send stuff to this person you should celebrate a Key ceremony with them and interchange keys physically. Now add your key to your program. Ok so your commits are signed using your key now. If you want to sign a tag, however, you will need to pass this extra flag when creating the tag.
To be fair, that last one is mostly git CLI being consistently inconsistent . But it still another spoke on the wheels.
Encryption needs to be easy in order to be mainstream. Otherwise it will be relegated to the minority which can jump through its interface hoops.
 Yes, I am going to be eaten by a hobgoblin any second now http://stevelosh.com/blog/2013/04/git-koans/#the-hobgoblin
How do you know that's your bank's signature and not from "h-s-b-c.com"
How does granny know?
Exactly. Any solution you can come up with for baking PGP authentication into email can be applied also to DMARC, so if your primary use case is authenticating reputable businesses why not back the tech that's already seeing adoption by said businesses?
Obviously it'd be great if all digital messages were effectively authenticated using strong cryptography. I imagine at some point we'll get there, probably through a combination of maturing technology and better educated users.
On the other hand there is nothing existing today for telling your MTA to trust this or that domain only. There is no standard so every provider would start by doing their own thing. That missing part is the difficult part, and that is only doable in pgp today.
However it is true that in both cases there should be some UI indication to ask you "do you trust this domain ?"
That's just the tip of the iceberg in difficulty.
0 - understanding the web of trust
1 - verifying that the key you exchanged actually belongs to the person/entity it purports to be from (ie. verifying identities of keyholders and verifying key fingerprints over an out-of-band communications channel).
2 - keeping your own secret keys secure
3 - making and keeping offline backups of your keys
4 - understanding why, how, and when to issue and use key revocations
But it's still plenty hard to ensure that we don't show an email as validated as definitely being from amazorn.com, along with some other funny business that could be pulled.
It does tend to get the problem down to an already existing set of problems, though. It could also be the "killer app" for GPG emails.
The user doesn't need to understand any of this. The user does not need to sign his emails. He just needs a mail software that can handle signatures from well known organizations, and can warn you when the signature doesn't match. Just like my browser puts a green or red symbol when there's a problem with the certificate.
Everything you list is mostly orthogonal to the submission.
What makes an organization "well-known" enough to be on this list? What happens if an organization is not on this list? What if I'm a completely-legitimate (S-Corp paperwork filed!) organization called amazorn.com?
And what problem does this solve that the current DMARC system does not?
Lets email servers and domain owners attest that a message was sent by them. For instance, gmail can apply a DKIM to all outbound emails, to verify that it's sent by gmail, and that they authenticated the person that it was sent as. For example, here's one of gmail's DKIM public keys:
Organization signing would be a whole different thing. Something like Extended Validation for SSL/TLS.
I'm with you, purely for selfish reasons. The first thing I do when I suspect phishing is look in the raw email source for the DKIM signature.
It would be trivial to expose the DKIM signature in the UI. Things like whether the signature was good, what domain(s) signed the email, and what was signed would be very handy.
There, conceptually it's explained, to anyone who has any concept of what "writing" is.
(Also I wonder if using the word "signature" only makes it harder to explain. Like, trying to explain to someone how an analog signature proves your identity. Because, well, it doesn't.)
It also neatly explains the concept of key sharing, which seems to present some pedagogical difficulty for some reason - you can sign your letters all you want, but if I've never seen your signature before then it doesn't actually prove anything.
Public key = knowing what your signature looks like
Private key = the muscle memory required to create a signature
By now every single email user with an email address that has been exposed to the internet has received untold amounts of spam emails with their own address spoofed as the sender. The only question is if they've ever noticed it.
This wouldn't pass most spam filters today, thanks to stuff like DKIM: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
But I agree that this is rather intransparent for the user. What we need is a warning like "You have never received an email from this domain. Do you want to trust it?" and something like the Extended Validation Certificate for companies (does something like this already exist?). Not PGP though.
But they are right in one sense: it's their mail provider's job to provide the signing infrastructure.
But customers have to know they need it and demand it
"Just as it's easy to fake regular mail, but it's never been a real issue for anyone. You don't really see me notarizing every mail I sent, do you?"
Isn't this what DKIM was supposed to be?
There is a sister standard to DKIM called DMARC that lets a domain publish instructions for what to do if unsigned emails are received. It can run in allow, report and deny mode. Report is useful, it asks the recipient to send it back to the domain which is helpful for large networks that may have many people and services sending mail on their behalf.
You can use this tool to compare gmail.com (ignore failed signatures) vs google.com (reject)
Thus google.com i.e. Google employee / service email is protected from From header forgery, but consumer Gmail isn't (too many people sending mail from non-Google SMTP servers).
So, can they still my signature without me even knowing? Wouldn't that make it worse for the recipients, then, getting signed messages that give them a false sense of security?
And what is this PGP thing? PGP Keychain?
Hey, I updated my computer and I made a new key, and I can't read the encrypted messages they sent me anymore.
The problem for the layman user though is that PayPals.com (fraudulent) can also sign their emails -- and they'd be conditioned to equate "signed = legit" (and can easily miss misspells, alternative domains, etc).
And I'm not even sure it would work: many users would just click the "yes I know them, please trust" button on first use.
An alternative would have "unknown" be a little, not very scary warning (with easy TOFU), and the "this handle looks like this other one, they may be trying to scam you" blinking red warning. Then it would be on the developers to detect typos and look alikes.
The user-visible part of this is very limited. Remember, no one is expected to sign their own emails: just verify that the signature is correct (which the software will do). It's not that different from verifying a handwritten signature.
HTTPS is notoriously difficult for users to understand. Most people don't even know what a server is. At least with emails you have analogies to do with sending paper letters to letterboxes that map pretty well.
I think the big push for HTTPS from the last few years is in part because Google claim they now give you an SEO benefit from it, HTTP2 (i.e. for better performance) requires it and Google + Firefox show more scary user visible warnings than they used to for non-HTTPS sites.
That's because it's entirely up to site operators (and browser/os vendors to add trusted registries) and not to the user.
If it was to the end user to install something and manage certs for https, it wouldn't work at all...
I don't sign my emails, and I don't expect my contacts to sign their emails. I also don't see how the effort would bring a proper "return on investment". It would basically change nothing for me or my contacts.
This is an infrastructural problem, and needs to be solved at that level. The user has nothing to do with it, doesn't understand it, doesn't know what problem it solves.
So I Googled how to make it happen for GMail. The options seem to be some browser plugins, or switching to another service.
It is not handled by Google at all.
That's a non-starter then, because I access my GMail account from the app some of the time, and there's no point in "some of the time security".
Once GMail supports something like this, it'll take off a lot faster.
If your mail server receives an email that claims to be from paypal.com, but it's not dkim signed (by paypal.com) it should be rejected.
But even paypal.com, likely one of the top phisher targets publishes their DKIM signature with:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.paypal.com;
I'm surprised that even internal email systems inside of companies regularly accept email from allegedly inside the company, that are forgeries. You'd think ibm.com (just an example) would A) sign ALL outgoing email B) check DKIM for all incoming email C) reject anything claiming ibm.com, but without the ibm.com signature.
Seems insane that it's so easy to send email as a companies/organizations management.
What you want to look at is their DMARC record:
v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org; ruf=mailto:email@example.com
That's quite a contrast to Thunderbird with Enigma which really feels just like a UI for gpg.
They would get accustomed to seeing green checkmarks on emails coming from big businesses, and then possibly notice their absence on phishing emails.
WARNING: You cannot trust this email was sent from who it
says it's from, the email have been modified in transit,
and the email may have been read by hackers in transit
Signing verifies that the contents of the email itself have been authenticated by the author. I.e. prevent spoofing.
I agree that the key exchange is difficult, but seriously I'll even take a CA if it means that I can reasonably tell that email that appears to come from my bank probably comes from my bank. Even better if a technical user can manage the keys themselves, but at least lets do the bare minimum!
So that you have a false sense of security when the keys have been stolen from a clueless user you correspond with?
Then there's the issue of web of trust which signing requires to be of use, which leaks (/publicises) email addresses in adding security. Its current implementation is utterly unusable for a-technical people (like my mum).
For me, I'd prefer my server to be the arbitrator for signatures, which is a little like dkim anyway. Strong spf settings (-all rather than ~all) fixes a lot of spoofing like your bank example.
It's a problem that I'd dearly loved to see fixed up though... but how? To move onto a better email system we need to keep everyone's use cases intact: some like pop, some imap, some would prefer direct messages instead. Personally, I'd like imap with a touch of direct messaging. So, how do you handle all the handshaking between 4 devices, while maintaining absolute privacy and assurances that nothing has been tampered, but nothing can be leaked?
Hopefully better minds come up with a great solution, because all the ideas I've had are flawed in one way or another! (I've been thinking of writing an article on my thoughts...)
I don't know how many times this has to be repeated. I have a government mandated encryption key on a smart card and even with that PKI (it's really good), email encryption is not doable with most e-mail clients, the functionality just isn't there. Add that and we'll speak why it might still not be happening. Oh, and don't forget that when an encryption key expires my e-mails shouldn't get lost :D
This seems like one of those cases where more large infrastructure people need to say “don’t let the perfect be the enemy of the good”.
What do they do with the information?
Much like you might have a bookmark for https://www.myverifiedbank.com in your browser, and you'd have HSTS and so on to prevent you from randomly ending up on notsoverifiedbank.com servers instead.
The domain part of signing is now being solved by DNS (PTR, SPF, Caller-ID). But signing still it has it's use because you also know the user exists.
And encryption is very useful because most emails are stored as plain text on some server.
DKIM and DMAC are the technologies that do this. DKIM employs asymmetric cryptography to sign all outbound emails from a domain name using a key for which the public part is published in the domain’s DNS. Receiving mail servers validate signatures automatically, looking up each domain’s public key from DNS.
DMARC allows senders to advertise the fact that all email they send will be authenticated, such as with DKIM or SPF, so that receivers may drop anything else (kind of like HSTS for websites). Messages that lack a DKIM signature, from sending domains that require it, will simply be dropped.
Quality email providers, including most webmail providers, offer these capabilities built in. These technologies are table stakes for email, like HTTPS is for websites. Take a look at received email in your mailbox for DKIM/DMARC status headers and you might find that many messages are protected by these technologies.
However, even strong authentication of email addresses is not enough to prevent abuse. Attackers can send email from addresses that are similar (but not identical) to the person they want to impersonate (typo-similar domains). An attacker can fully set up the domain and employ DKIM+DMARC. Just like with TLS, possessing a key is not by itself an indicator of trustworthiness. Signing our email won’t stop people from being tricked by impersonators unfortunately.
It’s similar to the phone system: if someone calls you and claims to be an employee of your bank, how do you know if it’s really them? The best answer is often to independently navigate to the bank’s website, look up their contact info, and then use it to reach them. The same is the for email addresses: you can’t assume that an address belongs to someone - you have to verify it somehow (using an existed trusted channel). Then DKIM+DMARC can help by making it impossible for anyone to forge messages from that address.
A starting point for a better solution to the identity discovery problem could be a better address book experience, calling to the user’s attention the first time they’re communicating with a new person, especially at a new or different organization. Defending against phishing is more of a user experience design problem than a crypto engineering problem in my opinion.
One problem is that both scammers and banks themselves use domains like paypal.accepournewtos.com or paypal.usersurvey.com and firstname.lastname@example.org
Yes, but those signatures can't be verified.
I understand this is tricky problem; how do we prevent people from simply clicking "accept this unknown key"? I'm not sure; but not every user is a blubbering idiot, and "unknown signature" strikes me as a lot better UX than "carefully look for spelling errors or misleading domain names".
[Transcription: Windows XP error dialog with the yellow triangle - title "Something happened and you need to click OK to get on with things." details: "Certificate mismatch security identification administration communication intercept liliputian snotweasel foxtrot omegaforce." then you have a button saying Technical Crap and three radio buttons 1) More technical crap 2) Hoyvin-Glayvin 3) Launch photon torpedoes and then OK and Cancel buttons.]
The only thing that actually works is brick wall UX. If you don't give the user the option to ignore the problem, they are forced to give up, which was the only safe option for them. If there's a way to continue, despite it being unsafe, users will do that.
Humans have a psychological defect in which they become rigorously focused on achieving a specific objective, and screen out indications that this is a bad idea. This is why those signs saying "Danger! Low bridge" aren't as effective as you'd expect. The human driving the over-height vehicle is focused on getting to the other side of the bridge, your warning signs aren't helping them do that, so they ignore them.
This is why a modern Firefox has brick wall UX for some HTTPS problems and would like to do it for more such problems. Only brick wall UX keeps people safe.
This is also why "bad idea" and similar Chrome overrides for their brick wall have to be changed periodically, these start a "power user" feature for people who actually do what they're doing, but quickly they spread and are used by people just trying to get things done, without grasping that now they're completely insecure.
Now I work for a non-tech startup and there are exactly two of us who sign our email. Happens to be another engineer I need to occasionally exchange encrypted messages with.
As a positive, at least no one seems confused by my signed messages.
The problem that people may not verify signatures is one, but what's far worse is that bad email clients won't show the email content for emails signed with S/MIME certificates that have later expired. I was in an organization where S/MIME certificates were always issued with a validity of one year, and I used to sign all my mails. After a year, a colleague told me (and showed me) that my previous mails in Outlook couldn't be read any longer. Turns out that Outlook has a convoluted process to say "Yes, I know that the certificate used to sign this mail has now expired, but it was valid at the time of signing and I just want you to let me use it for older emails or just show me the email content with some warning". I had to go through a series of steps to make sure Outlook trusted those certificates for all mails.
Email clients need to improve a lot more on usability if people are to use signatures and also manage multiple (expired) certificates.
PGP is not user friendly though and will never reach wide adoption until it's made easier or someone develops a service for it.
And yes, PGP is hard, but only if I want to add signatures to my emails, or use it for encryption. But that's a different use case than what I wrote about here. I think this is exactly the sort of confusion I intended with:
> Confusion between every-day “random person A emails random person B”-usage versus “large company with millions of users sends thousands of emails daily”-usage.
I find it amusing that the problem in the HN threads isn't that they know too little, it's that they know too much. They've seen arguments against PGP for years, and are having trouble processing the post in any way that is different from the "usual" PGP use cases they've seen. I'm seeing comments arguing that the user can't understand concepts of web of trust, or will get fooled by Paypals.com's signature, etc.
Unconvinced. The Podesta phishing email has:
> From: Google <email@example.com>
> Date: March 19, 2016 at 4:34:30 AM EDT
> To: firstname.lastname@example.org
> Subject: Sоmeоne has your passwоrd
From a Google domain, to a Google domain. Google uses DKIM, so the sender, message-id, etc, WAS ALREADY SIGNED, and apparently got through anyway.
Which part of this would further signing have helped?
[edit to add instructions:
1. If you already have a public signature you can import it into keychain, otherwise create a certificate via Keychain Access | Certificate Assistant | Create a certificate...
2. set the permissions to allow it to be trusted for signing + decrypting email (in an enterprise environment this is automated) by double clicking the certificate in keychain access, expand /trust/ and set secure mail to "always trust".
3. In the subject field of a new mail you should now see a couple of buttons, the default (I think) is for signing to be enabled -- the right button
These days I suspect that the average user simply trusts their provider's antispam to discard bogus emails (and as TFA points out, DKIM does effectively provide a signature, although obviously it's not the same trust model).
I haven't given up on PGP, if anything I use it more than ever, but in this age of webmails and the general trend towards the centralization of the web I think the author is preaching in the desert.
> DKIM is useful, but limited. All it does is verify that an email which claims to be from paypal.com is really from paypal.com. What it lacks is the ability to show warnings such as "this email wasn't signed, do you want to trust it?" and "this signature isn't recognized, yikes!"
Perhaps such warnings could be accomplished with DKIM somehow (I'd have to study it to see), and if it can: great! But in its current state it's doing something different than what I'm proposing (which is why I omitted it originally).
I would really love signed mails thought...
One of the problems I noticed is that the signature ends up as an attachment and that confuses the hell out of many people.
Did you send me an attachment? What was that file I couldn't open it!
I'm starting to think that someone really doesn't want this to happen.
Email software could make this dead simple without requiring that the user know anything about the web of trust, regardless of how complicated PGP is under the hood. For most users, even webmail users, this would be good enough.
The best interest of companies and individuals is that others send them signed mail, and that they send non-signed mail... I think that doesn’t help at all.
It’s different from signing a website, because one is way more self-conscious when putting informations on a website.
So if you want to keep messaging decentralized, open and standardized, instead of just complaining, we need to try out things like e-mail signing. In order to improve we need to feel the pain points and engineer them away.
I really think it would be very beneficial if all major providers would start to use that. At first not many people would check the signature, but if then this takes momentum probably all major email provider will start to show an icon telling that the email is signed and verified.
Just like Gmail shows when an email was received through a secure channel (TLS).
And yes, we already have DKIM.
If they were, phishing would be a thing of the past; but it's not. In addition it's a lot harder to filter out targeted spear phishing with spam filters.
Spam filtering is certainly useful – as are other measures such as the malicious website list that most browsers have – but it seems to me that adding extra guarantees such as signing would be a good thing?
DKIM is useful, but also limited. It just detects forgeries of From address and such. Ideally email signing should be like https: if it's not https then you shouldn't trust it. DKIM can perhaps fill this role; but the current implementations don't; they just add some score to the spam-check.
It is not harder to conduct phishing with email signatures, and the fact that such phishing campaigns have no problem putting TLS certs on their phishing sites is a simple existence proof of this fact.
Email signatures does not impact spam in any significant manner beyond existing measures to prevent domain name forgery in the header. Spam email signed by email@example.com does not stop being spam because it is signed and the signature provides no useful signal to spam filtering tools.
The difference between an email signature and a TLS cert on a web site is that in the latter case the user is making an effort to connect to a specific site and the certificate ensures that they are in fact connecting to paypaaaaal.com even if other means were used to misdirect them to this site. With email there are two problems to be addressed, transport privacy/security (a sender problem) and unsolicited email (a recipient problem) and signatures are only useful in ensuring integrity of the former and do nothing for the latter.
I once had a similar experience in real-life. I received a check via express mail with no accompanying letter or explanation, which seemed like it had to be bogus. Mindful of cashier check scams, I took it to my bank to see if it was safe to cash, and they erred on the side of caution and said, "no." But it was $600, so I cashed it anyway. And then about a month later, remembered I had closed out a poker account for that same amount.
I'm all for security, but can we start with common courtesy?
> "This is not comprehensible to the ordinary person."
Too many moving parts, but there could be a solution. Unfortunately it's not going to happen.
The solution is that the few big webmail providers start setting up end to end encryption using any open standard. It must be the same zero configuration stuff that worked for WhatsApp which every grandpa and grandma use. If they start doing it for messages sent between their addresses, the world will follow.
Unfortunately this means that it must be done in the browser and the webmail provider can't see anything of the content. I don't think Google wants to see this happen even if they own the most used browser.
It would totally allow man in the middle attacks but spammers/scammers generally can not do such attacks and would not have any financial incentive anyway.
I do agree with other comments that if big clients like Gmail abstracted PGP signing nicely for their users, it would put more pressure for organizations to publish public keys and sign lest the people they try to reach complain that Gmail gives them a nice big warning each time they try to open one of their emails.
Most of them were subscriber-only lists, and many were targeted at a highly technical audience, new subscribers were rare, and spam was not particularly targeted.
I'm not sure how many person-hours per week was spent by moderators hand-filtering spam, and it definitely increased the delay for posts to appear.
It doesn't make as much sense today with DKIM and friends, automated spam filtering, plus the general volume of spam is lower, but seemed like such a big win back then.
We had so many because our user base gets an email address which expands the email base from employees to employees + customers, so 10k to 150k+ and once someone fell for the scam it would get resent from their address which looks much more convincing.
But spammers would probably just throw a "signed" or "verified" logo or text at the bottom of the mail and fool or confuse most people into trusting an email they shouldn't trust.
Webmail (which a lot of people use) is also not ideal for dealing with certicates. You more or less have to trust the mail provider with your private keys. There are just countless attack vectors.
Finally, it's quite technical to get a certificate, copy it to all your devices that have an email client and configure them.
> Webmail (which a lot of people use) is also not ideal for dealing with certicates. You more or less have to trust the mail provider with your private keys. There are just countless attack vectors.
You are already trusting the email provider with everything. What's so bad with trusting them to verify a signature, too?
We're not communicating state secrets over encrypted email here; we're just verifying the signature on "PayPal sent you a message, click here to view it"-kind of emails.
In addition there's the ID card which is issued to every citizen and has certificates embedded (also accessible through NFC): https://www.dnielectronico.es/PortalDNIe/PRF1_Cons02.action?...
And finally your regional government may have a CA that offers citizen certificates as well, in my case: https://www.accv.es/ciudadanos/
As you see, there's no excuse for not having one!
But one problem I have run into recently is that some correspondents complain that the attached smime.p7s file causes their system to mark my messages as spam. It has made me reconsider using it.
This is where a PKI on a blockchain makes sense.
Product Pitch: Signed emails, with inbuilt verification of key ownership, backed by a PKI on the blockchain
When you get an email from firstname.lastname@example.org and example.com is trustworthy and uses SPF, then you know that the sender in fact was email@example.com
It's easy enough to set up SPF for any domain.
Gmail, Yahoo, Outlook etc all use it.
In addition, the limitations of DKIM also apply to SPF:
> DKIM is useful, but limited. All it does is verify that an email which claims to be from paypal.com is really from paypal.com. What it lacks is the ability to show warnings such as “this email wasn’t signed, do you want to trust it?” and “this signature isn’t recognized, yikes!”
Such a warning already exists: https://lifehacker.com/stop-looking-like-a-phisher-in-gmail-...
Source: spent years maintaining a broken or missing SPF whitelist..
How's the state at the receiving side? I mean what percentage of users would be displayed a message about the PGP signature being valid despite them neither using nor knowing about PGP?
Still, more work needs to be done. It's a bit of a catch-22: no one is signing their emails because client support isn't that good, and client support isn't improving because no one is signing emails.
Speaking of that, couldn’t companies use their existing domain certificate to sign emails?
Or it’s not true because we implicitly trust key signers; unless you’re talking about PGP only, which only has a web-of-trust model and a very poor usability track record. If that’s the case you should look at S/MIME which is very similar in its model to what we currently use for securing websites.
It really is for Stripe, a real US company.
That the US (and every other county we care about) intentionally lets crooks run companies in order to defraud the general populace is a problem you could try taking up with your government. Although in the US that's currently led by a career grifter and a bunch of crooks so your message may not get through.
But the Web PKI did everything it could here, don't blame us.
How do you know it's not a fake signature ? Certainly you have to look at their website and find the key. But what if this person doesn't have a website ?
For PGP I mentioned some possible options:
> PGP could also be used; we can bypass much of the key exchange dilemma by just shipping email clients with keys for large organisations (PayPal, Google, etc.); like browsers do with some certificates. Or publish the keys on a DNS record. Even just publishing them on your website (or, if you’re a bank, in local branches etc.) so people can manually add them to their keyrings is a lot better than not signing anything at all!
I hope you can adjust the names in your post! I have some University pride even if it is just spam
I will adjust the name momentarily. Thanks for pointing it out.