Most email rules and filters operate based on the other person’s email address. A token, the email address that the other person controls, not you. This allows for bad actors to maneuver, spoof and swindle because they are in control of what your rules and filters are based on. A strong house starts with strong foundations and all that!
Enveloperty rules and filters operate on keys that you give the other person. You are in control of the relationship because you control the key necessary to reach you. A nuanced but enormous reversal in email architecture. Making your contact play by your rules, not theirs!
This new architecture is imperative in the adversarial email ecosystem that exists today. A ecosystem where your wishes must be enforced with technological power. As they are not respected intrinsically. But the ecosystem is not black and white, it is shades of grey. Not all trouble comes from hacker groups and pharmaceutical spammers. In fact, that content is some of the easiest to intercept as it is so transparent.
For the most part the email ecosystem is adversarial because of a lack of respect, not so much a desire to cause harm. Most daily irritation comes from legal companies. The sophisticated attackers who attempt to cause harm are primarily relegated to specific targets of high value. However, just because you aren’t valuable enough to be a target, doesn’t mean you aren’t insecure enough to be collateral damage!
En Garde Adversaire
A serious and growing issue in the email ecosystem is phishing. The goal of phishing is to pose as a different entity and get you to do a thing. Phishing is much more social engineering than pure hacking. Which is of great worry. Technical systems require a great deal of arm twisting to do what they aren’t supposed to. People generally are on the other end of the spectrum. Intrinsic desires to be good and helpful are taken advantage. Phishing comes in many flavors such as spear phishing, crowd source phishing and recently, industrialized phishing. Most people are familiar with scams like stealing credentials, asking for wire transfers and expense approvals. But the greatest danger really comes from malware. Asking a person for something requires much more cooperation than a rampaging credentialed virus through a system. 90% and change of malware is delivered through email. Sub 60% of enterprise attacks start with phishing for access or planting malware for access through email.
The real threat isn’t from truly sophisticated attackers. In general, if you have attracted the attention of a legitimate hacker you should either have a security team on staff to handle the situation. As they will craft a specific attack just for you, really only effecting you. With a high degree of success, but relatively low body count of victims.
The threat with the real body count is from industrial hackers. Hackers who go for low hanging fruit thousands of times for some derivative purpose. They will compromise servers, gather credentials, harvest information not for themselves, but to wholesale on black markets for the next group in the food chain to exploit. Hyper specialization among cyber criminals has proven wildly effective. The real danger is when the fruits of their labors are reinvested into things like botnets, gifts that keep on giving. Botnets are compromised computers who are controlled en mass by a specific entity for a special purpose. This can be anything from serving spam or malware all the way to focusing one thousand GPU’s on cracking a single password. But I admit using compromised computers to mine crypto currency is one of the most clever uses.
All of these dangers frequently start with email. More specifically, they start with someone opening email from a stranger, or a stranger pretending to be from someone else. For some jobs like sales, it is impossible not to routinely email strangers. Which is where products like secure email gateway’s are excellent at taking out the bad from among the good.
Enveloperty has taken a different approach. Enveloperty takes the good out of the bad. Our solution has the user tunnel to and from a trusted contact. The Enveloperty user will give a unique email address to their contact. This can be human readable, or can be cryptographically generated utilizing the 1e+100 possibilities for an address. Email between the two will only take place on the established channel. If email from anyone but that specific contact comes in on the channel, the user is immediately alerted to be cautious.
This solution is most impactful for jobs that involve money such as accounting and finance, or jobs that involve widespread privileges like human resources or information technology, These jobs involve talking to the same trusted contacts over and over. So establishing trusted tunnels is effective. Any compromise is bad, but a compromise to one of these employees is easily disastrous. Thus these fields extract the most value from the Enveloperty offering.
Why We Can’t Have Nice Things
If the only problem in the email ecosystem was hackers, Enveloperty probably wouldn’t exist. Security is an investment that when working, looks like a waste. Security soothes a pain rarely felt, granted when felt is usually disastrous! The hourly pain Enveloperty soothes is getting email you don’t want. Not the pharmaceutical spam that is easily detected by filters. The junk you get sent daily because you went to a yogurt shop once and they hired consultants to annoy people into brand awareness. Nearly all organizations send out automated emails to varying degrees of permission. The unending bleating that comes from being in a position of power and having your email address sold is too horrible to mention. But is a issue in desperate need of solving for those afflicted. This is the nightmare fuel that has you sending your first email at five in the morning and your last, not till nine at night.
For security, users only interact with trusted contacts on established channels. But not all of these trusted senders send email that is immediately important to read. Just because email isn’t spam, doesn’t mean it is bacon. This is why Enveloperty users can turn on or off notifications based on folders or specific channels. This is how Enveloperty cuts through the noise of senders users can’t drop outright, but don’t want to be interrupted by. Enveloperty users can configure notifications so that unless they get a notification, there is no need to check their email. Users can stay focused knowing they are covered by a setup they configured free of the wild results of programmatic filters.
Swinging For Beyond The Fence
The goal of Enveloperty is to become unnecessary. The fundamental objective of Enveloperty is to be used to correct the email ecosystem into a permission basis. By widespread use of Enveloperty, the economics of unwanted email fall apart, forcing a change in strategy or loss of profit.
Enveloperty isn’t a tool that only punishes misuse. The users explicit control over inbound email means important email gets a direct path and immediately opened. Most users have one or more newsletters or blogs that get a direct route to their attention. These statistics are pure gold for the sender as they demonstrate an engaged and responsive audience!
It is through this carrot and stick methodology that we hope users will educate senders on the value of permission based email. Like the organic food movement, it isn’t done by one company, but it is started. We encourage ethical business practices entirely, not just ethical email marketing. Business is a core part of American culture which comes with certain stewardship responsibilities. In the current culture, technology companies bear a disproportionate responsibility as they support a growing middle class employment. Further more, as technology startups have garnered so much capital and attention, stewarding is not acceptable. Such organizations, including Enveloperty, are required to spearhead progress in changing business practices.
Another peripheral goal is to spread the message of organic intelligence. Organic intelligence to us is amplifying a human’s intellect and talent. This is different from for example, artificial intelligence. Artificial intelligence to us is about replacing humans, organic intelligence is about empowering humans. For all of the advances in computing, we still believe there is certain value that only a human perspective can provide.