E-Mail suggestion

Bit of a suggestion for anyone working on a safe mail / e-mail app.

I hate when I get email from my bank or PayPal or whatever and I have to try to decipher whether or not the email is from a scammer or if it is legitimate.

A suggestion would be to have an “approved senders” AKA “safe sender” indicator.

How you would do this I have no idea, but it would maybe appear similar to Twitter’s approved accounts.

Cheers

1 Like

The network has no way of confirming the user’s identity, that would defeat the purpose of a decentralized and anonymous network.
If you want to protect yourself from scammers and spammers, you should do your homework: compartmentalize: have a public address, a private address and a secret address.

  1. Use the public one to give it to anyone you don’t know personally, it is how the world will reach you. Use the public one to set up reset passwords of sites that you don’t care about and that don’t have your personal information.

  2. Use the personal one to communicate with people you know personally. You can use the personal account to set up the reset passwords of social media as well.

  3. Use the secret one only to sign up to banks, financial institutions, government, etc… This account is never used to send out emails, only to receive, and nobody else should know about the existence of this account.

With this setup, you can automatically recognize a phishing attack if you get a mail supposedly from the bank in your public account, without even opening the mail, because your bank would only send you notifications to the “secret” one.
Also, if you get a phishing mail to your personal account, you can automatically understand that it is not from some random person (who would only be able to find out about your public address online), but from someone within your circle of confidence, so you can narrow down immediately and know that this is a targeted attack.

If someone hacks your public account, they get access to nothing important.
If someone hacks your private account, the damage is limited to your social life, but it will never affect your real life finances, official access or other sensitive areas.

Btw, this is not a panacea, because there is the less likely probability (but still a possibility) that the bank itself is hacked and your “secret address” becomes exposed for bank phishing. So even the mails you get in your “secret account” should be checked for authenticity by calling the bank directly (do not use the number listed on the suspected email of course, grab the yellow pages, or use the number at the back of your debit/credit card).

7 Likes

This should be easy, since these sorts of companies would use a set of IDs that are publicly known and published by them and, like pgp, the mail APP can confirm the sender by the key signing.

6 Likes

Nothing prevents using gpg on top of Safe.
The sender could gpg sign their message with their private key and you would check with their public key if it really comes from them. The mail app could have these features ready, to make it easier. Just like in regular mail.
But this would need people, administrations and banks to begin to realize that learning to use gpg can be useful :)

Edit: it sounds overkill, I suppose Safe IDs should do the trick, like @neo said. Which would be really cool for wide adoption, because my step mother would not need to learn gpg :)

3 Likes

Actually all we need is for the mail APPs to adopt signing the mail they send. Then it is automatically verified upon receipt that the ID claiming to have sent the mail is the ID the mail came from.

And as you say get Banks and the like to publish their Keys so that each person can build their list of trusted senders.

EDIT: Actually if I recall correctly the messaging protocol already guarantees where the message came from. So all that is required is for the mail APP to keep a list of trusted sender IDs and give them friendly names. Then you can be certain of who sent the mail.

3 Likes

Having a way to multiply receiving addresses is great too.
Like @piluso said, if I give only my secret address to my bank, and I receive a mail “from my bank” but to my public address, then I know something is wrong.
Some regular email providers allow you to make addresses with a subdomain that is your identifier, like: somestuff@yourname.mailprovider.com, so you can put anything on the left part of the @ and create as many as you like, it all goes to your inbox. (neomailbox does that)

Ex: I give bank@nice.mailprovider.com as my address to my bank, and only to my bank. If I receive an email that pretends to come from the bank, but to, say, friends@nice.mailprovider.com, I know someone is trying to cheat me. Also, if I receive a mail from someone else, say a cheap viagra seller, to my bank address, I know the bank leaked my mail or it was stolen.

So it would be really cool if we can create as many Safe receiving addresses that all go to the same inbox. Not sure how to implement this, though.

2 Likes
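
The two ideas in the posts above (a client-side list of trusted sender IDs with friendly names, and one receiving alias per sender) can be combined into a single triage check. This is an added example, not part of the original posts or of any SAFE mail app; the ID strings, the `Mail` fields and the verdict names are assumptions, and `sender_id` is assumed to be already verified by the messaging layer or a signature check.

```python
from dataclasses import dataclass

# Constructed sample data: these sender IDs and aliases are made up.
TRUSTED_SENDERS = {   # verified sender ID -> friendly name shown in the UI
    "id:9f3c-bank": "My Bank",
    "id:71aa-paypal": "PayPal",
}
ALIAS_OWNER = {       # receiving alias -> the only sender ID it was given to
    "bank@nice.mailprovider.com": "id:9f3c-bank",
    "paypal@nice.mailprovider.com": "id:71aa-paypal",
}

@dataclass
class Mail:
    sender_id: str     # ID vouched for by the network or signature (assumption)
    display_name: str  # free text chosen by the sender, never trusted
    recipient: str     # alias the mail was delivered to

def triage(mail: Mail) -> str:
    friendly = TRUSTED_SENDERS.get(mail.sender_id)
    expected = ALIAS_OWNER.get(mail.recipient)
    if friendly is None:
        known_names = {n.lower() for n in TRUSTED_SENDERS.values()}
        # Unknown ID borrowing a trusted friendly name: the "from my bank" scam.
        if mail.display_name.strip().lower() in known_names:
            return "impersonation"
        # Unknown ID writing to an alias reserved for one sender: alias leaked.
        if expected is not None:
            return "alias-leaked"
        return "unknown"
    # Trusted ID, but writing to an alias it was never given.
    if expected != mail.sender_id:
        return "wrong-alias"
    return "trusted:" + friendly
```

The exact-match comparison on the display name is deliberately simple; look-alike names would need fuzzier matching.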

We’ll need one or more web-of-trust frameworks. On the internet, we have a centralized PKI with real-life validation requirements, and that’s the reason you can trust stuff like this:

Anonymity is a double edged sword: nobody can catch you, but nobody can trust you, either.

Technology can give us privacy and anonymity, but trust is a social concept, so SAFE will need a way to utilize real-life social relationships, and it will need this not just for mail or websites, but also for app installs (or updates), content filtering, content discovery, and so on.


To relate to the original post: your bank will be trusted by a lot of people, many of whom will be your friends, or the friends of your friends. Your email app will be able to look at that “web of trust,” compute a score, then show the message as trusted or not, accordingly.

5 Likes
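
A sketch of the scoring step described in the post above, as an added example that is not part of the original post or of SAFE itself. The scoring rule is an assumption: trust is multiplied along each chain of friends, the best chain wins, chains are capped at `max_hops`, and a fixed threshold decides the label. The graph is constructed sample data.

```python
# Constructed trust graph: who -> {whom: how much they trust them, 0..1}
TRUST = {
    "me":    {"alice": 0.9, "bob": 0.6},
    "alice": {"bank": 1.0, "carol": 0.5},
    "bob":   {"bank": 0.8, "shop": 0.7},
    "carol": {"shop": 0.9},
}

def trust_score(graph, source, target, max_hops=3):
    """Best score over all chains of at most max_hops edges from source to target.

    A chain's score is the product of its edge weights, so trust decays
    with every intermediary. Unreachable targets score 0.0.
    """
    best = {source: 1.0}
    frontier = {source: 1.0}
    for _ in range(max_hops):
        improved = {}
        for node, score in frontier.items():
            for peer, weight in graph.get(node, {}).items():
                candidate = score * weight
                if candidate > best.get(peer, 0.0):
                    best[peer] = candidate
                    improved[peer] = candidate
        frontier = improved   # only nodes whose score improved are expanded again
    return best.get(target, 0.0)

def label(graph, me, sender, threshold=0.5):
    """What the mail client would show next to the sender (assumed threshold)."""
    score = trust_score(graph, me, sender)
    return "trusted" if score >= threshold else "unverified"
```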

You just need ways of flagging IDs as trusted/known versus unknown, and for the email client to highlight this in the UI. This could be a tick, different colour, or maybe email from unknown IDs goes to a separate folder etc.

Definitely useful - great suggestion.

4 Likes

… and we’ll need a simple way to publish these decisions, because it would be rather silly if everybody had to do primary research about whether something is trustworthy, especially when the context is the snake oil salesmen of the Wild West, erm, the SAFE net. I’m confident that a huge portion, if not the vast majority, of what we’ll encounter is going to be some sort of scam, malware, or filth.

Keeping a private list of trusted parties is manageable when it’s just about the one or two banks we’re in touch with, but what about a random app, a travel agency, an eBay buyer or seller, or even a legitimate extortion business (I’m not joking: a friend of a friend just got fleeced after she got scared by a fake ransomware popup…)

It’s also a sensitive subject. I may trust a certain site or merchant that I wouldn’t want to be publicly (i.e. to my friends who subscribe to my trust list) affiliated with. However, manually publishing my choices can lead to hardly anything getting published. This will need to be figured out.

Anyway, I’m just trying to use every opportunity to highlight that we’ll desperately need efficient tools to tame the absolute freedom we’ll have on SAFE.

1 Like

Dudes

The internet is plagued. I am glad you are starting again… Next move Mars…

Is this thread still an email suggestion thread or should we be creating threads for each idea?

CZAR