We have failed to stop phishing, even after 2 decades. Can we finally agree that emails …

It’s a little strange that many people (me included) accept phone calls from numbers we recognise but are suspicious of unknown or unlisted numbers. The mechanisms exist to do the same for email. Why don’t we? If one or more of the major email clients (I’m looking at Microsoft, Google, Apple…) defaulted to signing email then we’d be 50% of the way there…:

[…] In fact, despite so many years of sincere attempts at curtailing phishing, and in spite of the release of numerous technology products and human-training systems aimed at doing the same, and despite the availability of offerings to implement email-security standards such as DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting & Conformance (DMARC), phishing remains, to this day, one of the most effective ways of cyber-penetrating organizations. Phishing attacks are both so common and so commonly successful that many experts believe that a majority of American businesses have suffered some sort of successful phishing attack within the past year. Remember, while defenders need to secure all people and all systems within an organization, and need every target of a phishing attack to remain safe, a criminal needs only one person to fall prey in order to have a phishing attack pay off.


Original article