The arc90 lab is the playground of arc90 - a New York-based technology and strategic consulting firm. The lab is a place for us to share our ideas, tools and the occasional experiment in web technology. All ideas, experiments and tools are licensed under Creative Commons.


This site is licensed under a Creative Commons Attribution 2.5 License.

Ideas

How to Trust Email Again

As fraudulent emails become more and more commonplace, and occurrences of identity theft rise in frequency, Arc90's lead architect Joel Nagy steps back and thinks about a new way to make email a bit more secure.


With the onslaught of spam and phishing that deluges our inboxes every day, we have a hard time even trusting legitimate email. This past weekend I received an email from my bank with a link to log in to my account, which of course I didn't trust. How are we supposed to know which messages are real and which are phishing tactics?

Wouldn't it be nice if you could tell, at a glance, whether or not an email was from a reputable source? Users need email communication from service providers to be uniquely identifiable with some sort of key. This way, any email without this key would be immediately suspect. Luckily, there is a mechanism built into email software for doing this: pictures. If every email from your bank contained a simple, recognizable picture, you would know when you received an email from someone who wasn't your bank.

For the picture to be easily identifiable, the account holder should upload a unique photo. To make it slightly more secure, so that someone can't simply grab your photos from Flickr and try to send them to you in an email, the image should be modified with some random filters upon upload. Filters such as rotation, coloring, borders, noise, or inverting will make the image more unique, yet still recognizable.
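The upload step described above, sketched as an added example (not code from the original article). It assumes the image is already decoded into a grid of RGB tuples, and the function names, filter strengths and sample image are hypothetical; the filter list is the one named in the paragraph.

```python
import secrets

def rotate(img, rng):
    # Quarter-turn clockwise, applied 0 to 3 times.
    for _ in range(rng.randrange(4)):
        img = [list(col) for col in zip(*img[::-1])]
    return img

def invert(img, rng):
    return [[(255 - r, 255 - g, 255 - b) for r, g, b in row] for row in img]

def tint(img, rng):
    # One random colour shift for the whole image (the "coloring" filter).
    shift = [rng.randint(-40, 40) for _ in range(3)]
    return [[tuple(min(255, max(0, c + s)) for c, s in zip(px, shift)) for px in row] for row in img]

def noise(img, rng):
    # Small independent jitter per channel: visible to a diff, not to the eye.
    return [[tuple(min(255, max(0, c + rng.randint(-12, 12))) for c in px) for px in row] for row in img]

def border(img, rng):
    colour = tuple(rng.randrange(256) for _ in range(3))
    width = len(img[0]) + 2
    return [[colour] * width] + [[colour] + list(row) + [colour] for row in img] + [[colour] * width]

OPTIONAL_FILTERS = [rotate, invert, tint]

def derive_trust_image(uploaded, rng=None):
    """Return (derived_image, names_of_filters_applied) for one account."""
    if rng is None:
        rng = secrets.SystemRandom()  # OS CSPRNG, so the recipe cannot be guessed
    chain = [f for f in OPTIONAL_FILTERS if rng.random() < 0.5]
    rng.shuffle(chain)
    chain += [noise, border]  # always applied: the result never equals the upload
    img = [list(row) for row in uploaded]
    for f in chain:
        img = f(img, rng)
    return img, [f.__name__ for f in chain]

# Constructed 4x3 sample "photo" (a gradient) standing in for the user's upload.
SAMPLE = [[(x * 60, y * 80, 128) for x in range(4)] for y in range(3)]

if __name__ == "__main__":
    for account in ("alice", "bob"):
        img, recipe = derive_trust_image(SAMPLE)
        print(account, recipe, f"{len(img[0])}x{len(img)}")
```

Running it twice on the same upload yields two different images, which is the property that keeps a copy of the public photo from passing as the one the service sends.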

Here's an example of what an email could look like with this method employed. I would notice that this was a picture I took myself, and with a few filters applied to the image it is now unique and still recognizable.

(Image: Trusted Email Picture Example)

Granted, any information sent in an email can be intercepted, and someone could potentially get your picture; however, this would be part of a targeted attack. Phishing, by and large, is a wide-net approach that tries to get millions of people to enter their account information. This approach is not meant to be a complete solution but part of broader security measures (which would take into account users with disabilities), and it provides a simple and quick way for users to gain a higher level of trust from online services.

Joel Nagy,
Lead Architect

You can send feedback on How to Trust Email Again at the arc90 blog.
